Escolar Documentos
Profissional Documentos
Cultura Documentos
System-Partikel-Technik
WINDOX 5
Electronic Records/
Electronic Signatures
Compliance Assessment
Worksheet for
21 CFR Part 11
WINDOX 5
Electronic Records/Electronic Signatures
Compliance Assessment Worksheet for 21 CFR Part 11
Note
WINDOX 5
Electronic Records/Electronic Signatures
Compliance Assessment Worksheet for 21 CFR Part 11
Document: 21CFR11&Windox5(2.0).doc
WINDOX 5
Electronic Records/Electronic Signatures
Compliance Assessment Worksheet for 21 CFR Part 11
Content
Page
1 Introduction 9
5 Support 41
1 Introduction
The Sympatec software WINDOX 5 has been designed
to provide all technological controls required to achieve
compliance with 21 CFR part 11.
Purpose This assessment worksheet has been compiled with the kind
help of Mr. H. Garston Smith, an international software
quality assurance auditor and consultant within the global
pharmaceutical industry, to whom Sympatec express their
grateful thanks for permission to use it.
Alli nfor ma ti
on notr elevantto Sy mpat
ec ’si nstrume nt
s,
hardware and software has been stripped from the original
worksheet. Therefore, the worksheet does not claim to
cover all aspects of an assessment. Emphasis is laid on how
soft
wa r et echnologys uppl i
edwi thSy mpat
e c’ss ystemc a
n
suppor tthec ompa ny ’
se ffortst
obe comecompl iant,i .
e.
Sympatec has preset a “S: Yes”or “S: No”in the Assessment Result
column if the requirement addresses technological controls. All preset
answers apply to the Software WINDOX 5, Version 1, Release 2, or
i
later versons/releases,i
fs etupin“ CFRpa rt11mode ”.
TM WINDOWS NT, WINDOWS 2000 and WINDOWS XP are Trademarks of the Microsoft Corporation.
Assessment
Reference Question Remarks
Result
Q1 Does this computerized S:Yes Ift hea nswe rtot hequ estioni s“No” ,
system create, modify, then this system is NOT subject to the
maintain, archive, retrieve, or regulation under Part 11, and the rest
transmit any electronic of this questionnaire should not be
records(s) that are required to completed.
demonstrate compliance with
If the answer to the question is
FDA regulations or that
“S: Ye s”,theni ndicateth ePr edicate
generate data that is required
Rule and section which applies: 210
by or submitted to the FDA?
sec 185
Q2 Do FDA regulations permit P:___ If the answer to the question is“No” ,
the use of electronic records then this system is NOT subject to the
for this required regulation under Part 11, and the rest
documentation? of this questionnaire should not be
completed.
Ifthea n swe ris“ No” ,
indicate the specific CFR
reference requiring these
records to be maintained in
paper format only.
____ CFR Part(s) _______
Q3 Is the computerized system S:Yes Ifthea nswe rtot h
equ
est
ioni
s“Ye
s”,
(all components) a closed then skip 11.30.
system whereby data and
Ifthea n swert othequ esti
oni s“ No”
,
system access is solely
then it is considered to be an open
controlled by the user
system, and 11.30 must be addressed.
companies personnel
(including their agents) who
are responsible for the
content of the electronic
records on the system?
Assessment
Reference Question Remarks
Result
11.10(a) Has the system been S:Yes Documentary evidence e.g. IQ/
validated in order to ensure PQ/OQ is provided upon request.
Preamble
accuracy, reliability,
clauses 64-
consistent intended
68
performance, and the ability
to discern invalid or altered
records?
When was it last validated or P:__.__.__ Please enter the date of validation of
revalidated? your software version.
(reference QPGs here)
e.g. 30.11.2003 for WINDOX 5.1.1.
Assessment
Reference Question Remarks
Result
11.10(a) - Is there a formal training S:Yes Documentary evidence e.g. IQ/
plan? PQ/OQ is provided upon request.
(continued)
- Has Performance S:Yes
Preamble
Qualification Testing
clauses 64-
been conducted?
68
Assessment
Reference Question Remarks
Result
11.10(b) Can a copy of a single record S:Yes Electronic format: Database copy
(in electronic format) be function.
(continued)
supplied to an inspector? In
Paper format: Report.
Preamble paper format?
clauses 69-
Can a copy of the entire S:Yes The database consists of three files.
70
database (in electronic They can be copied onto any medium
format) be supplied to an witht heope r
ati
ngs y
s t
em’ sfile
inspector? explorer.
Are procedures in place to S:Yes Please refer to the documentation and
describe HOW to accomplish t
h eon lineh e l
p,c h apt
er,“
Da taba se
these inspection tasks? Admi n ist
ration ”.
Are procedures in place to S:Yes On-line-Help contains a description
define what in format the of all Report template statements,
electronic records will be their value and format.
provided?
11.10(c) Are the records protected to S:Yes No measured data or data describing
ensure their accurate and the circumstances of the measurement
Preamble
ready retrieval throughout can be deleted from the database. If
clause 71
the record retention period? the database format is changed due to
an update, a conversion utility is
Are records protected on the S:Yes provided to ensure compatibility of
system to prevent old data to the new software.
unauthorized modification or
deletion?
Are data files written to a S:Yes Iti sthes ystema dministra tor’staskt o
protected directory or assign proper attributes to the
database table such that only directories in which the database(s)
personnel with high-level is/are located. The access rights of the
access privileges can access WINDOX database server are
the data files? “SYSTEM”l e vel,sotheda t
abase
files may be write-protected for
ev eryon ee xce pt“SYSTEM” .
Do system users have access S:Yes The WINDOX client-server database
to the data files or database concept supports a strict protection of
records, such that they could the database files. No ordinary user
accidentally or intentionally needs to have write access to the
modify or delete data files? database files.
Has any capacity planning P:___ Onmode rnPC’ sstorag ec apa ci
tyis
been performed? not a problem. After some time of
use, however, the size of the database
directory should be checked and
compared to the amount of free space
on disk.
Is there a written records P:___
retention policy?
Does it include electronic P:___
records?
Does it include audit trails? P:___ The audit trail information is stored in
the database, so it can never be
separated from the electronic records.
Assessment
Reference Question Remarks
Result
11.10(c) Describe the backup and P:___
restore process. Is there an
(continued)
SOP?
Preamble
Describe the data archiving P:___ The Sympatec WINDOX software
clause 71
process. Is there an SOP? If provides powerful functions to export
no, is all data kept on-line? and/or archive data records.
Does the SOP and actual P:___
practice ensure the archived
data is controlled and
maintained for the required
retention period?
Are any backups and/or P:___
archives duplicated (e.g., to
create off-site
backups/archives for disaster
recovery)? How is this media
protected?
Is the meta-data stored with S:Yes All data necessary to recalculate the
the archived data? measured results is stored.
Is virus software loaded and P:___
regularly updated to prevent
viruses corrupting data?
11.10(d) This requirement refers to both P:___
logical and physical access.
Is system access limited to
authorized individuals?
Is a username/password (or S:Yes Provided by the operating system
other logical security) Windows NT or 2000 or XP
required to access the
system?
Is there a security SOP that P:___
covers physical and logical
security, access
authorization, modification,
disabling/deleting periodic
checking of access, approval
by System Owner?
What controls limit physical P:___
access to the system?
Is there firewall protection to P:___:
prevent unauthorized access
from the Internet?
Assessment
Reference Question Remarks
Result
11.10(e) Is there a secure, computer- S:Yes Every data record is marked with
generated, time-stamped date, time, and user ID in the moment
Preamble
audit trail that independently of its creation. Records can be
references
records the date and time of divided into four types:
72, 73, 74,
operator entries and actions
75, 76, 77,
that create, modify, or delete description of the measurement
78, 93 setup: Such data can be altered if
electronic records?
the user has the privilege to do
Upon making a change to an S:Yes so, but only as long as no
electronic record, is measurement has been performed
previously recorded using these data. When used in a
information still available? measurement, such data can no
more be altered or deleted.
Are electronic audit trails S:Yes
kept for a period at least as measured data. Such data can
long as their subject never be modified nor deleted.
electronic records and
meta data of the system (mainly
available for agency review
properties of the measured
and copying?
powder): Such data can be
changed at any time, if the user
has the privilege to do so. An
audit trail of modifications is
maintained.
free commentary information and
additional user-defined
parameters: Such data can be
altered at any time. An audit trail
of modifications is maintained.
11.10(e) For each type of record in the Types of records are:
system, please address the
(continued) a) System data (e.g. detector number)
following questions:
Preamble b) Meta-data (product properties)
references
c) Measuring conditions
72, 73, 74,
75, 76, 77, d) Measured data
78, 93
e) User parameters
f) Comment to the measurement
After a measurement has been
performed, all related records except
types b) and f) are automatically
write-protected.
Does the system generate S: Yes Type b) and f) Every modification is
automatic, electronic audit logged by User ID, date and time, and
trail information (who, what, what was modified.
when)?
Does the audit trail include S: Yes The user can but need not add a
the reason for change (if reason for change.
required by the predicate
rule)?
Assessment
Reference Question Remarks
Result
Is the audit trail function S:Yes Itisonwh e nt heprog rami sin“ CFR
always ON, or is it turned rule11mode ” .Thismodes houl
d
OFF and ON manually? If permanently be ON. Only the
manual, who and what database administrator can switch it
triggers audit trail recording? OFF, but this is never necessary.
Does it get turned on early
So the risk to leave it switched OFF
enough in the process? Is it
inadvertently can be neglected.
reliable (i.e., can they forget
to turn it on)?
Does the audit trail capture S:Yes
every user action that creates,
modifies, or deletes records,
without exceptions?
11.10(e) When information is S:Yes
changed, does the audit trail
(continued)
record/save the previous
Preamble value?
references
72, 73, 74, Are audit trail entries made
S:Yes
75, 76, 77, at the time the
78, 93 action/operation was
conducted electronically?
Is the audit trail ever P:_____ The logging of modifications is fully
monitored or reviewed to transparent to the user.
detect possible misuse or
unauthorized activity?
Is it possible to reconstruct S:Yes
events (delete, modify, etc)
to any point in time by only
using the audit trail
information and the original
record?
Are electronic audit trails (all S:Yes There are reporting commands for the
or any part) readily available audit trail available.
for FDA review and
copying? In paper format?
Does the audit trail contain S:Yes The system uses the local time of the
date and time stamps? Can PC’ sope r
atings y s
tem.Apr ocedu ral
P:___
time local to the activity be control must define which time this
derived? is.
Are meaningful units of time S:Yes
chosen in terms of
documenting human actions?
(For example, seconds might
be used in a data collection
system while minutes might
be appropriate for a
document management
system.)
Assessment
Reference Question Remarks
Result
Is the audit trail completely S:Yes The audit trail can be reported by
transparent to, and outside certain operational commands.
the control and access of, the
The audit trail data is contained in the
user?
database and write-protected for
How is audit trail data S:Yes everyone.
protected from accidental or
intentional modification or
deletion?
11.10(e) System Administrators and S:Yes All actions of database administration
DBA’ stypi callyma ke and user administration are logged in
(continued) P:___
changes. Do those changes an administration log in the database,
Preamble have audit trails? If not, do which cannot be manipulated.
references procedural controls exist
72, 73, 74, over use of such
75, 76, 77, administrator tools?
78, 93
Does the records retention S:Yes
program cover audit trails?
Are electronic audit trails S:Yes
kept for at least as long as
their respective electronic
records?
What ensures that the system P:___ It is recommended that the system
time and date are correct? administrator disables the feature to
How frequently are the time change the system date and time for
and date synchronized with a all users except the administrator.
reliable source? This can be done by the local security
policy or the policy of the network
Can users readily change the P:___ domain.
system time/date?
Assessment
Reference Question Remarks
Result
11.10(g) This requirement refers to S:Yes The operating systems WinNT ,
functional access once a user logs Win2000 or WinXP feature a full
Preamble P:___
into the system access control including audit and
references
action in case of fraud.
82, 83, 84 Are authority checks in place
to ensure that only authorized The WINDOX4 software relies on
individuals can use the this access control. The
system, electronically sign a ph arma ceu t
icalc ompa ny’ss ys te
m
record, access the operation administrator grants or restricts
or computer system input or access rights to the application
output device, alter a record, software and the files or directories.
or perform the operation at Moreover, access to the Sympatec
hand? WINDOX administration programs
depends on a hardware key.
Are there different levels of S:Yes There are three proposed levels:
access based on user Developer, Operator, or Inspector.
responsibilities? But these levels are not fixed. All
relevant functions of the software can
- If so, what are they? be released or blocked individually
for every user of the computer.
Is there an SOP describing P:___
how these are assigned,
documented and controlled?
What process is followed to P:___
grant a new user access to the
system, or to change
privileges for an existing
user? Is it documented?
Are levels of access P:___
periodically reviewed?
Are authority checks used to P:___ The software supports such checks by
ensure that only authorized t
hepr og r
am,“ Admi nistrat
ionofUs er
individuals can use the Rights”.
system?
Are authority checks used to P:___ The software supports such checks by
ensure that only authorized t
hepr og r
am,“ Admi nistrat
ionofUs er
individuals can electronically Rights”.
sign a record?
Are authority checks used to P:___ The operating systems support such
ensure that only authorized checks.
individuals can access the
operation or computer
system input or output
devices?
11.10(g) Are authority checks used to P:___ The software supports such checks by
ensure that only authorized t
hepr og r
am,“ Admi nistrat
ionofUs er
(continued)
individuals can alter a record Rights”.
Preamble ?
Assessment
Reference Question Remarks
Result
references Are authority checks used to P:___
82, 83, 84 ensure that only authorized
individuals can perform the
operation at hand?
11.10(h) Are device checks used to N/A The system is operated locally by the
determine, as appropriate, the user who has most recently logged in.
Preamble
validity of the source of data No further check is necessary.
references
or operational instruction?
59, 85
Is it necessary to ensure that
the data source is identified?
If so, what are they? If so,
how are they identified?
Example –console commands for
a server are limited to the
console station
Another example –modem access
may be verified to ensure the
identify of the caller
11.10(i) Is there documentation to S:Yes S:Yes applies for development and
show that persons who maintenance.
Preamble P:___.
develop, maintain, or use
references
electronic records/signature
86, 87
systems have the education,
training, and experience to
perform their assigned tasks?
For internal persons, is there P:___.
evidence that they are
qualified for their job? (This
requirement may be met with
CVs, job descriptions,
training records, and a
training procedure that is
followed)
For external persons, is there S:Yes
evidence that they are
qualified to perform the work
for which they were hired?
(This requirement may be
met by having their resume
on file)
Is there an SOP covering S:Yes
user training?
Assessment
Reference Question Remarks
Result
11.10(i) Is there evidence of user P:___.
training?-
(continued)
Preamble Are there SOPs, company S:Yes
references requirements, job
86, 87 descriptions, etc., that
describe minimum
educational requirements
and/or work experience for
system developers? Support
staff?
What evidence exists of S:Yes University degrees in engineering,
suitable qualifications and/or mathematics or computer science.
proficiency for developers
and support personnel?
Assessment
Reference Question Remarks
Result
11.10(k) Is the system documentation P:___
maintained by the
(continued)
ph arma ceu ti
ca lcompa ny’s
Preamble revision control so changes
references can be determined and the
78, 92, 93 history of the documents is
obvious?
Are old copies of vendor P:___
documentation maintained to
provide a complete history of
the system?
Assessment
Reference Question Remarks
Result
11.30 Are there procedures and N/A (see Q3 above)
controls used to protect the
Preamble
authenticity and integrity of
references
the electronic records from
94, 95, 96,
the point of their creation to
97
the point of their receipt?
As appropriate, are there N/A
procedures and controls used
to protect the confidentiality
of the electronic records from
the point of their creation to
the point of their receipt?
Assessment
Reference Question Remarks
Result
Q6 Does the system use any S:Yes Identification code and password as
form of electronic signature standard.
that is intended to satisfy any Token and/or Biometric available at
regulatory or company additional costs.
requirement for a signature,
initials, approval,
authorization, etc.?
If‘S:Ye s
”,th
e nc hecka llt
hat
apply and continue with
11.10(j)
- Biometric
- Identification code and
password
- Identification
code/password and
Token
If“No” ,s ki
pth
ere
mai
ning
questions.
Be sure to differentiate between
“s
ign ature”a n d“ iden t
ificat
ion”.
If the intent is to use the applied
identification to authenticate the
electronic record, then the
identification is an electronic
signature.
If the intent is to merely identify
who did something, then the
identification is not an electronic
signature.
A question to help determine if
it
’ sa“ sign atu re”or
“ide nti
fication ”i s“I fIsig
n‘ J
ack
Ha n dy’,doe st ha tme anIh a
ve
attested that I did or saw
some thi
n g,ort hatI’ m
au thorizings omea ction?”
If you have to sign the paper
copy, you have to sign the
electronic copy.
Whether or not to use electronic
signatures is not the system
own e r’sch oice.Th ec h oiceis
whether to use electronic records
or not. That choice (plus the
predicate rules) dictates whether
electronic signatures are required
or not.
Assessment
Reference Question Remarks
Result
Q6 (A question to help determine if P:___
signatur
e sa rerequ ir
edi s“If
(continued)
these were printed out, would
you need to sign them? ”
)…
Does the predicate rule
require signatures on the
record?
Does company policy require P:___
signatures to be added to the
record?
Assessment
Reference Question Remarks
Result
11.50 Do the signed electronic S:Yes The user ID is stored because it is
records contain the following unique over a network. But the
Preamble
information associated with printed name is output in reports of
references
the signing: data, too.
98, 99, 100,
101, 102, 1. printed name of signer,
103, 104,
105, 106 2. date and time that the S:Yes
signature was executed
3. the meaning associated S:Yes
with the signature?
Is the full name (first and S:Yes Both, the user ID and the full name
last) displayed? The printed can be output.
name cannot be the User ID.
Is the meaning of the S:Yes
signature included?
Precision of time is based on S:Yes The time is milliseconds.
risk. For example, the time
might be reported in seconds
for a data collection system.
The time might be reported
in minutes for a document
management system.
Can the local time be derived S:Yes Both, local time and time zone are
if the system runs across time stored in the database.
zones?
Where is the time taken P:___ See comments above
from? Is it protected from (section 11.10 e))
change by the user?
Are ad-hoc queries/reports S:Yes It is possible to configure templates
allowed? If so, are there 4 for data output containing date/time
components in the screen and user ID of the author of a record.
displays and reports?
Are these items subject to the S:Yes
same controls as for
electronic records?
Are these items part of any S:Yes If proper output templates are used.
human readable form of the See above.
electronic record?
11.70 Is the electronic signature S:Yes
linked to their respective
Preamble
electronic record to ensure
references
that the signature cannot be
107, 108,
excised, copied or otherwise
109, 110,
transferred to falsify an
111, 112,
electronic record by ordinary
113
means?
Assessment
Reference Question Remarks
Result
Is the transfer of the S:Yes
signature to another record
prevented?
Is the record protected to S:Yes Data changes are recorded, and the
prevent changes after signing signature is made invalid when data is
or to force re-signing? changed.
11.100(b) Are the identities of the P:___ This is a standard task of the system
individual verified prior to administrator.
Preamble
the establishment,
references
assignment, and certification
117, 118
or otherwise sanctioning an
individu al’selectroni c
signature or any element of
an electronic signature ?
Has the contractor or P:___
temporary employee been
cleared by Security or
Human Resources to enter
the workplace?
Are controls in place to P:___
ensure that fake identities can
be discerned with high
reliability?
11.100(b) Are controls in place to P:___
verify that requestors are
(continued)
authorized to make requests
Preamble for an e-signature (i.e., on
references behalf of themselves or
117, 118 another user)?
Assessment
Reference Question Remarks
Result
Are individuals required to P:___
show id when they are given
their electronic signatures?
Are individuals requested to P:___
verify their identity if they
forget their password?
Assessment
Reference Question Remarks
Result
11.200(a) Does the e-signature employ S:Yes
at least two distinct
Preamble
identification components
references
such as User ID and
16,115,122
password?
–128 incl.
When an individual executes S:Yes
a series of signings during a
single, continuous period of
controlled system access, is
the first signing executed
using all the electronic
signature components?
When an individual executes S:Yes
a series of signings during a
single, continuous period of
controlled system access, is
each subsequent signing
executed using at least one
electronic signature
component that is only
executable by, and designed
to be used by, the individual?
When an individual executes P:___ The system administrator must
one or more signings not activate a password-protected screen
performed during a single, saver to ensure that the user must log
continuous period of in again after a break.
controlled system access, is
each signing executed using
all of the electronic signature
components?
Are the electronic signatures P:___
to be administered and
executed to ensure that the
attempted use of an
individu al’selectronic
signature by anyone other
than its genuine owner
requires the collaboration of
two or more individuals?
Are the electronic signatures P:___
only to be used by their
genuine owners?
Initial log on to the system S:Yes
requires the execution of the
identification code and
password.
Assessment
Reference Question Remarks
Result
11.200(a) The combination of these S:Yes
two components must be
(continued)
unique.
Preamble
references The first signing requires S:Yes
16,115,122 both components.
–128 incl.
Is there a definition for a P:___ We propose to set a password-
continuous session? protected screen saver to a certain
idle time.
Subsequent signings in the S:Yes
same session, requires only
the password (which is the
component known only to
the signer)
If, when resetting the P:___
account on some systems, a
“de fa
ult”pa sswor di s
assigned, is the user forced to
change the password
immediately upon log on?
When an identification code P:___
and password are used as the
electronic signature, is the
password unknown to
everyone, including the
System Administrator?
Are system tools used that P:___
might allow a System
Administrator to falsify
electronic records and/or
electronic signatures? If so,
are there procedures in place
to ensure adequate controls
over these activities?
Does the system/workstation P:___
log-out after a period of
inactivity?
Do procedures and training P:___
reinforce that non-biometric
electronic signatures must
not be shared or loaned?
Are safeguards in place that P:___
prevent one person from
forginga n otherpe rson’
s
electronic signature?
Assessment
Reference Question Remarks
Result
11.300(a) Are controls in place to P:___ Already covered in 11.100 (a)
ensure the uniqueness of
each combined identification
code and password
maintained, such that no two
individuals have the same
combination of identification
code and password?
Does a corporate policy P:___
exist?
Is uniqueness maintained P:___
historically?
Does the system check for S:Yes
duplicate Ids?
11.300(b) Are controls in place to P:___
ensure that the identification
Preamble
code and password issuance
reference
is periodically checked,
131
recalled, and revised?
Does a corporate policy P:___
exist?
11.300(d) Are transaction safeguards in S:Yes The system administrator must enable
use to prevent unauthorized the proper policy of the operating
P:___
use of passwords and/or system Windows NT or 2000 to fulfil
identification codes? this request.
Are transaction safeguards in P:___ See above.
use to detect and report in an
immediate and urgent
manner, any attempts at their
unauthorized use to the
system security unit, and, as
appropriate, to organizational
management?
Assessment
Reference Question Remarks
Result
11.300(d) Is there a procedure or system P:___ See above.
function that revokes sign-on
(continued)
privileges when an incorrect
combination of identification
and password are repeatedly
entered?
Has testing been conducted to P:___
ensureth at“inactive”us er
accounts cannot be activated
by unauthorized persons?
Are there procedures and P:___
appropriate training to assure
that users understand that
passwords are not to be
shared?
Does the system create alert P:___
messages for unauthorized
access attempts (e.g., access
violations)?
Is access frozen after a P:___
number of unsuccessful
attempts to log in?
Are“a
tt
emptsatu
nau
thor
ize
d P:___
us
e”defi
ned?
Are potential break-in P:___
attempts monitored in real-
time?
Is access violation reporting P:___
monitoring and escalation
addressed in a SOP?
I s“i
mme di a
tea ndu r
gent” P:___
defined? Is the procedure and
timing for notifying
management defined?
Does the procedure describe P:___
thes ec urit
yg roup’ s
responsibility and required
activities when notified of
possible security breaches?
Assessment
Reference Question Remarks
Result
11.300(c) Are there loss management P:___ It is up to the pharmaceutical
procedures in place to company to implement and/or use
Preamble
electronically deauthorize tokens or cards for access control.
reference
lost, stolen, missing, or Sympatec is ready to supply such
132
otherwise potentially devices but the current standard is
compromised tokens, cards, without.
and other devices that bear or
generate identification code
or password information?
Are there loss management P:___
procedures in place to issue
temporary or permanent
replacements using suitable,
rigorous controls ?
Does a corporate policy P:___
exist?
Is there a procedure to P:___
describe how temporary
replacements are handled?
Assessment
Reference Question Remarks
Result
11.300(e) Is periodic re-testing of P:___
devices conducted prior to
(continued)
putting new stock and/or
Preamble models into service?
reference
138 Are there testing steps to P:___
ensure that devices operate
with i
nt hema nu f
a cturer’s
operating parameters and
functional tolerances?
Assessment
Reference Question Remarks
Result
11.200(b) A properly designed and It is up to the pharmaceutical
implemented biometric-based company to implement and/or use
Preamble
electronic signature system biometric-based electronic signature
references
makes it unlikely that any systems (e.g. a fingerprint, a retinal
6,128
electronic signature could be pattern or a repeatable action like a
falsified. handwritten signature) for access
control. Sympatec is ready to supply
such devices but the current standard
is without.
Is the electronic signature P:___
designed to ensure that it
cannot be used by anyone
other than its true owner?
11.100
11.10
11.30
11.50
11.70
Attributes
1 Electronic Record Only
X
(Closed System)
2 Handwritten Signature
X X X
Executed to Electronic
Record (Hybrid)
3 Electronic Signature Based
X X X X X
upon Biometrics
4 Electronic Signature Based
X X X X X X
upon ID Code/Password
5 Electronic Signature Based
X X X X X X X
upon ID Code/Password
and Token
5 Support
If you need further support, please contact your local Sympatec After-Sales
Service.