 |
|
|
|
|
Function No. |
Function Description |
Mandatory/Desirable Requirement |
Location/Explanation of Function Documentation |
| F1 |
Operational
Requirements |
|
|
|
F1-1 |
Require that a
program be provided for the evaluation of measured values and
the statistical process control, using different measuring
devices to obtain the measured values. |
Mandatory |
This is basic
functionality in the MeasurLink Real-Time/Real-Time Plus SPC
data collection software. Detailed information is available in
the Set-up and Operation Guides for these products |
|
F1-2 |
Evaluations
require to be immediately updated after change in the set data.
|
Mandatory |
This is basic
functionality in the MeasurLink Real-Time/Real-Time Plus SPC
data collection software. Detailed information is available in
the Set-up and Operation Guides for these products |
|
F1-3 |
The program
should be based on a special data structure, which guarantees a
high degree of data security. |
Mandatory |
The relational
database used for MeasurLink® applications is developed using
Sybase® SQL Client/Server database tools and is base on a unique
data structure. Data integrity is ensured through SQL
transaction processing. Further documentation for the
MeasurLink® relational database is available in the Appendix
section of the Set-up and Operation Guides for MeasurLink®
products. |
|
F1-4 |
Produce various
types of definitive reports. |
Mandatory |
MeasurLink
Real-Time/Real-Time Plus SPC data collection software provides
various reporting options with customable features. Detailed
information for all reporting options is available in the Data
Collection Chapter of the Set-up and Operation Guides for these
products |
| F2 |
Security &
Password Confidentiality |
|
|
|
F2-1 |
Add/modify/delete
User profiles |
Mandatory |
The MeasurLink
Security Center, provided with all MeasurLink versions 5.0 and
above applications, has been recently redesigned to comply with
the 21 CFR Part 11 ruling of the FDA. Functional documentation
for these changes is provided in the MeasurLink supplemental
document; Operation Guide Supplement For MeasurLink®
Applications, Enhancements for FDA 21 CFR Part 11 Compliance.
|
|
F2-2 |
Assign Users to
User profiles |
Mandatory |
The MeasurLink
Security Center, provided with all MeasurLink versions 5.0 and
above applications, has been recently redesigned to comply with
the 21 CFR Part 11 ruling of the FDA. Functional documentation
for these changes is provided in the MeasurLink supplemental
document; Operation Guide Supplement For MeasurLink®
Applications, Enhancements for FDA 21 CFR Part 11 Compliance.
Adding/Moving Users to a Profile section |
|
F2-3 |
Add/modify/delete
Users |
Mandatory |
The MeasurLink
Security Center, provided with all MeasurLink versions 5.0 and
above applications, has been recently redesigned to comply with
the 21 CFR Part 11 ruling of the FDA. Functional documentation
for these changes is provided in the MeasurLink supplemental
document; Operation Guide Supplement For MeasurLink®
Applications, Enhancements for FDA 21 CFR Part 11 Compliance.
|
|
F2-4 |
Unique User ID &
password combination to gain access. |
Mandatory |
A user must have
an assigned, unique User ID, a valid passwords, and proper
authority to gain access to any MeasurLink application.
Functional documentation for these requirements is provided in
the MeasurLink supplemental document; Operation Guide Supplement
For MeasurLink® Applications, Enhancements for FDA 21 CFR Part
11 Compliance. |
|
F2-5 |
Auto-logoff after
a period of 10 mins. |
Mandatory |
A session
time-out period may be set for each user individually. This
period can be set from 1 minute to several hours. Functional
documentation for this feature is provided in the MeasurLink
supplemental document; Operation Guide Supplement For
MeasurLink® Applications, Enhancements for FDA 21 CFR Part 11
Compliance. Password Setup section |
|
F2-6 |
Passwords must
not be displayed on the screen as they are entered. |
Mandatory |
Passwords are
never displayed on the screen and encrypted when held in
storage. Functional documentation for this feature is provided
in the MeasurLink supplemental document; Operation Guide
Supplement For MeasurLink® Applications, Enhancements for FDA 21
CFR Part 11 Compliance. Password Setup section |
|
F2-7 |
Passwords must
always be encrypted when held in storage for any significant
period of time or when transmitted across the network. One-time
passwords are accepted. |
Mandatory |
Passwords are
never displayed on the screen and encrypted when held in
storage. Functional documentation for this feature is provided
in the MeasurLink supplemental document; Operation Guide
Supplement For MeasurLink® Applications, Enhancements for FDA 21
CFR Part 11 Compliance. Password Setup section |
|
F2-8 |
Passwords must
never be embedded in sign-on utilities. For example, an
unauthorized user must never be able to authenticate at sign-on
merely by using a function key or by running an available
program. |
Mandatory |
No embedded
sign-on functionality has been introduced to any of the
MeasurLink applications. User passwords must be successfully
entered manually at the Log In prompt to gain access to a
MeasurLink application. |
|
F2-9 |
Passwords must
never be hard-coded in source code, command files, scripts or
installation kits. |
Mandatory |
The initial
password for the administrative User ID is contained in the
MeasurLink database upon installation. A user will be required
to change this password the first time a login with this User ID
is attempted. This password cannot be used to access any of the
MeasurLink applications. No other User IDs or passwords exist in
the MeasurLink database and none can be created until this
initial administrative log on and password change takes place.
Functional documentation for this is provided in the MeasurLink
supplemental document; Operation Guide Supplement For
MeasurLink® Applications, Enhancements for FDA 21 CFR Part 11
Compliance. Logging in for the First Time section |
|
F2-10 |
Passwords must
have a minimum length of six (6) characters. |
Mandatory |
Passwords must
have length of 6 to 12 characters and are case sensitive. A
user’s previous 5 passwords cannot be repeated. Functional
documentation for these features is provided in the MeasurLink
supplemental document; Operation Guide Supplement For
MeasurLink® Applications, Enhancements for FDA 21 CFR Part 11
Compliance. Password Setup section |
|
F2-11 |
Passwords must be
changed at least every ninety (90) days. System should prompt
the User to change the password. |
Mandatory |
A password
expiration period can be set for each user individually. The
default password expiration period will require users to renew
their passwords every 90 days. This period can be modified to
require users to renew passwords from 1 to 365 days. Functional
documentation for this feature is provided in the MeasurLink
supplemental document; Operation Guide Supplement For
MeasurLink® Applications, Enhancements for FDA 21 CFR Part 11
Compliance. Password Setup section |
|
F2-12 |
Temporary and
initial passwords must be marked as expired, and the user must
be required to change the password at the first use. |
Mandatory |
MeasurLink
Security requires all initial and temporary passwords to be
changed by a user the first time a log on is attempted. Initial
and temporary passwords cannot be used to access a MeasurLink
Application. Functional documentation for this feature is
provided in the MeasurLink supplemental document; Operation
Guide Supplement For MeasurLink® Applications, Enhancements for
FDA 21 CFR Part 11 Compliance. Password Setup section
|
|
F2-13 |
User-chosen
passwords must not be reused for five (5) iterations.
|
Mandatory |
Passwords must
have length of 6 to 12 characters and are case sensitive. A
users previous 5 passwords cannot be repeated. Functional
documentation for these features is provided in the MeasurLink
supplemental document; Operation Guide Supplement For
MeasurLink® Applications, Enhancements for FDA 21 CFR Part 11
Compliance. Password Setup section |
|
F2-14 |
Proper proof of
identification must be provided before changing a password.
|
Mandatory |
Proper proof of
identification must be provided in the form of the unique User
ID and a password before a Login or password change is allowed.
Functional documentation for this feature is provided in the
MeasurLink supplemental document; Operation Guide Supplement For
MeasurLink® Applications, Enhancements for FDA 21 CFR Part 11
Compliance. Password Setup section |
|
F2-15 |
If a resigning or
terminated staff member was responsible for system
administration, all relevant passwords must be changed
immediately. |
Mandatory |
Someone with
proper authority can change a password for any user at any time.
Functional documentation for this is provided in the MeasurLink
supplemental document; Operation Guide Supplement For
MeasurLink® Applications, Enhancements for FDA 21 CFR Part 11
Compliance. Password Setup section |
| F3 |
Audit Trails
|
|
|
|
F3-1 |
Person
Responsible |
Mandatory |
MeasurLink
supports audit trails for login/logout, data entry, data
modification, and data deletion. These audit trails are
generated for users through use of Security Center and Process
Traceability functions. Documentation for Security Center is
provided in the MeasurLink supplemental document; Operation
Guide Supplement For MeasurLink® Applications, Enhancements for
FDA 21 CFR Part 11 Compliance. Detailed information for setting
up Process Traceability is available in the Traceability Lists
Chapter of the Set-up and Operation Guides for these products.
|
|
F3-2 |
Date and time
stamp |
Mandatory |
All data sets
collected by MeasurLink® applications and stored to the
MeasurLink® relational database are assigned a data Run ID. This
mandatory field is used to identify the sets of data collected
for a selected inspection routine. The default value is set to
the current date and time with the format “yyyy/dd/mm hh:mm:ss”
with hours based on a 24-hour clock. Further documentation for
the MeasurLink® Run ID date and time stamp is available in the
Data Collection section of the Set-up and Operation Guides for
MeasurLink® data collection applications. |
|
F3-3 |
User action/entry
(e.g. logging in/out, creating, modifying and deleting records).
|
Mandatory |
MeasurLink
supports audit trails for login/logout, data entry, data
modification, and data deletion. These audit trails are
generated for users through use of Security Center and Process
Traceability functions. Documentation for Security Center is
provided in the MeasurLink supplemental document; Operation
Guide Supplement For MeasurLink® Applications, Enhancements for
FDA 21 CFR Part 11 Compliance. Detailed information for setting
up Process Traceability is available in the Traceability Lists
Chapter of the Set-up and Operation Guides for these products.
|
| F4 |
Backup
|
|
|
|
F4-1 |
System allows
backup & restore of electronic data |
Mandatory |
The relational
database used for MeasurLink® applications is developed using
Sybase® SQL Client/Server database tools and can be maintained
on a database server. This relational database can work directly
with a multi-user Client/Server database system (purchased
separately by the user) and can be archived and restored via the
host database management system. Further documentation for the
MeasurLink® relational database is available in the Appendix
section of the Set-up and Operation Guides for MeasurLink®
products. |
|
F4-2 |
Backup can be
setup to occur automatically |
Mandatory |
The relational
database used for MeasurLink® applications is developed using
Sybase® SQL Client/Server database tools and can be maintained
on a database server. This relational database can work directly
with a multi-user Client/Server database system (purchased
separately by the user) and can be archived and restored via the
host database management system. Further documentation for the
MeasurLink® relational database is available in the Appendix
section of the Set-up and Operation Guides for MeasurLink®
products. |
| F5 |
Data Integrity
|
|
|
|
F5-1 |
System has
ability to detect/prevent alteration of electronic data.
|
Mandatory |
MeasurLink® data
collection applications maintain an audit trail of observation
data that has been modified. This audit record can be retrieved
in a summary report using the reports function. Further
documentation for reporting functions and modifying observation
data is available in the Data Collection section of the Set-up
and Operation Guides for MeasurLink® data collection
applications.The ability to edit data can be limited to
authorized users via Security Center and prevented completely by
assigning an e-signature to data sets via MeasurLink® Process
Analyzer. For a description of the security access levels, see
the Security chapter of the Set-up and Operation Guide.
Functional documentation for using e-signature functions is
provided in the MeasurLink supplemental document; Operation
Guide Supplement For MeasurLink® Applications, Enhancements for
FDA 21 CFR Part 11 Compliance, e-signature section. |
|
F5-2 |
Complete copies
of data can be produced. |
Mandatory |
Simple data
export functions are available in all MeasurLink® data
collection applications and MeasurLink® Process Analyzer.
Process Analyzer also provides a spreadsheet function portable
to Microsoft® Excel. All MeasurLink® applications have report
functions capable of producing SPC charting and data analysis.
Functional documentation for these features is provided in the
Set-up and Operation Guides for these products. |
| F6 |
Electronic
Signature |
|
|
|
F6-1 |
The User will be
required to approve & sign-off on quality critical records
electronically to prevent accidental or deliberate record and
signature falsification. |
Mandatory |
Each authorized
user will have a unique e-signature base on their User ID and
password. Functional documentation for using e-signature
functions is provided in the MeasurLink supplemental document;
Operation Guide Supplement For MeasurLink® Applications,
Enhancements for FDA 21 CFR Part 11 Compliance, e-signature
section. |
|
F6-2 |
The e-sign will
be unique to one individual. |
Mandatory |
Each authorized
user will have a unique e-signature base on their User ID and
password. Functional documentation for using e-signature
functions is provided in the MeasurLink supplemental document;
Operation Guide Supplement For MeasurLink® Applications,
Enhancements for FDA 21 CFR Part 11 Compliance, e-signature
section. |
|
F6-3 |
The e-sign will
be based on 2 distinct components. |
Mandatory |
Each authorized
user will have a unique e-signature base on their User ID and
password. Functional documentation for using e-signature
functions is provided in the MeasurLink supplemental document;
Operation Guide Supplement For MeasurLink® Applications,
Enhancements for FDA 21 CFR Part 11 Compliance, e-signature
section. |
|
F6-4 |
During a
continuous session the password is executed at each signing.
|
Mandatory |
Every application
of an e-signature will require password verification. Functional
documentation for using e-signature functions is provided in the
MeasurLink supplemental document; Operation Guide Supplement For
MeasurLink® Applications, Enhancements for FDA 21 CFR Part 11
Compliance, e-signature section. |
