21 CFR Part 11 Feature and Compliance Tables
for MCC ActiveX DLL Code Component
- Easily integrated into any Windows application
- Code can be shared among many applications
- Can be used by any OLE automation client, including all VBA-based applications and other Windows development languages
- Less than 200 KB
Features:
- Password protection
  - The levels of authorized access include: User, Supervisor, and Maintenance.
    - Operator can do any routine task of the host program
    - Supervisor can do everything Operator can do, plus add/edit/delete User Names / Passwords and display the Audit Trail (current & historical)
    - Maintenance User can change system settings, such as calibration, etc.
  - The host program decides which activity is governed by access level control
  - User name is case insensitive, password is case sensitive
  - Passwords are required to have at least 6 characters, including 1 numeric and 1 alpha
  - Logout results in an immediate Login screen
  - Password aging feature. The length of the aging period is under the host program's control.
  - Proper login or program termination is required after a period of inactivity. The length of such period is under the host program's control.
  - Failed password logons trigger the audit trail
  - User names and passwords are stored in an MS Access database that is itself protected by the Master Password
  - Assured uniqueness of every user name – password combination
  - User-friendly password control that allows multiple sessions of add / edit / delete
  - Authorization (special login) required for password control (Authorizing User is not necessarily the Current User)
  - Vendor logo optional on all login and password control screens
  - Master Password for system maintenance
- Audit Trail
  - Audit Trail is designed to record important actions, including modification of files and folders. The host program decides which activity is governed by audit trail control.
  - A new Audit Trail file is created each time the host program is run. The host program can specify the folder for Audit Trail files.
  - Audit Trail files are tagged / named using the date and time of creation
  - Audit Trail file maintenance (backup, deletion) is governed by procedural control (SOP)
  - Some user actions (as decided by the host program) may require a reason entry. The program does not proceed until the reason for change is given.
- General
  - It is the host program's responsibility to ensure that all vital data and reports have read-only attributes.
  - Touch Screen functionality enabled
  - This version is applicable to closed (stand-alone) systems.
21 CFR Part 11 Functions:
| Paragraph | Product Function | Compliance |
|---|---|---|
| Subpart B – Electronic Records | | |
| Sec. 11.10 Controls for closed systems | | |
| 11.10 | Elaborate security controls and audit trail to ensure the authenticity, integrity and confidentiality of electronic records. | ✓ |
| 11.10(a) | The 21CFR11 ActiveX has been developed and validated using FDA guidelines. The software rejects invalid data. | ✓ |
| 11.10(b) | There is a variety of means to generate copies of records in human-readable form suitable for inspection, review and copying. The host program should ensure that all system-generated data files, reports and plots are read-only. The audit trail records generated by the 21CFR11 ActiveX are read-only. | ✓ |
| 11.10(c) | Records should be protected by restricting access to authorized users. The host program will use the 21CFR11 ActiveX access levels to control the flow of information. | ✓ |
| 11.10(d) | The 21CFR11 ActiveX provides multiple levels of password control. Individual levels of authorized access include: User, Supervisor, and Maintenance. | ✓ |
| 11.10(e) | A comprehensive audit trail should capture all significant user actions and system conditions, including actions that create, modify or delete data or user ID/passwords. Audit trail records include date, time, user ID, the printed name of the user, action, and reason for action. Audit trail files can be copied and printed out. | ✓ |
| 11.10(f) | The host program should make sure that only permitted sequences of steps are allowed. | ✓ |
| 11.10(g) | All functions should check access authority. | ✓ |
| 11.10(h) | The source of data should be verified through electronic means. | ✓ |
| 11.10(i) | SOP | N/A |
| 11.10(j) | SOP | N/A |
| 11.10(k) | SOP | N/A |
| 11.30 | This version of the 21CFR11 ActiveX is designed for closed systems. | N/A |
| 11.50 | This version of the 21CFR11 ActiveX does not use the electronic signatures of electronic records. | N/A |
| 11.70 | This version of the 21CFR11 ActiveX does not use the electronic signatures of electronic records. | N/A |
| Subpart C – Electronic Signatures | | |
| 11.100 | This version of the 21CFR11 ActiveX does not use the electronic signatures of electronic records. | N/A |
| 11.200 | This version of the 21CFR11 ActiveX does not use the electronic signatures of electronic records. | N/A |
| 11.300 – Controls for identification codes/passwords | | |
| 11.300 | The 21CFR11 ActiveX provides multiple levels of password control. Individual levels of authorized access include: User, Supervisor, and Maintenance. | ✓ |
| 11.300(a) | System requires that each User ID and password combination is unique. | ✓ |
| 11.300(b) | Password aging feature is enabled. If a password has expired, a user with proper authority is required to enter a new password for a unique user name – password combination. | ✓ |
| 11.300(c) | Supervisor and Maintenance level access has authority to disable user accounts and to reset passwords. | ✓ |
| 11.300(d) | 3 or more invalid login attempts are recorded in the audit trail. | ✓ |
| 11.300(e) | SOP | N/A |