This second installment explains the practical and technical implications of 21 CFR Part 11. Access security is typically ensured with a number of behavioral controls or policies. If the access security functions of a chromatographic data system do not reuse the security mechanisms in the operating system, managing the security model of the data system requires additional administrative effort.
access to, altering, or deleting records in a system. Access security is typically ensured with a number of behavioral controls or policies that are backed up and enforced by appropriate security mechanisms implemented on a company's information systems.

The first article in this series, which appeared in the November 1999 issue of BioPharm, provided an overview of 21 CFR Part 11, the regulation governing electronic signatures and records in analytical laboratories (1). It concluded with key recommendations for implementing a paperless record system in analytical labs. This second installment explains the practical and technical implications of Part 11 regarding access security, user rights, and audit trails in data systems that are used in such labs. It examines the relevance of appropriate security settings and password policies on laboratory computers and how today's chromatographic data systems do or do not make use of the security settings available to them. If the access security functions of a chromatography data system do not reuse the security mechanisms in the operating system, managing the security model of the data system requires additional administrative effort. We conclude by discussing the importance of task-specific access privileges in relation to current work practices in analytical laboratories, not only to ensure confidentiality, but also to eliminate human mistakes or accidental loss of data.

Wolfgang Winter and Ludwig Huber

Implementing 21 CFR Part 11 in Analytical Laboratories
Part 2: Security Aspects for Systems and Applications

Wolfgang Winter is product manager, data systems, and corresponding author Ludwig Huber is worldwide product marketing manager, HPLC, at Agilent Technologies GmbH, PO Box 1280 D-76337, Waldbronn, Germany, +49 7243 602 209, fax +49 7802 981 948, ludwig_huber@agilent.com.

How can you be sure only an authorized user is entering data in your system? Is your electronic signature yours alone? Are you sure operators can't invalidate your data? Is your company in compliance with FDA data security regulations? This second article in the continuing series on implementing 21 CFR Part 11, the electronic signatures and records regulations, will help answer those questions.

Access Security

Procedures should be in place to allow access into a company's information system to authorized users only (2). For computer systems, access can be limited in two ways: through physical or logical security (3). Control of physical access to laboratories is normal in regulated and accredited facilities. It is difficult for unauthorized individuals to walk into a quality control lab at a pharmaceutical company. But does that mean someone cannot access that company's data systems, and inspect or even manipulate its data records? Without dedicated security mechanisms, that is, without logical security built into the data system, fraud, error, and misuse are almost unavoidable. FDA has already issued regulatory citations for such violations because sloppy security mechanisms affect the quality of medical device system regulations. In one example, FDA cited ". . . failure to establish and maintain procedures to control all documents that are required by 21 CFR 820.40, and failure to use authority checks to ensure that only authorized individuals can use the system and alter records, as required by 21 CFR 11.10(g). For example, engineering drawings for manufacturing equipment and devices [were] stored in AutoCAD form on a desktop computer. The storage device was not protected from unauthorized access and modification of the drawings." (4)

Who gets access? Secure access to a company's information system is a decision for the information technology (IT) specialists charged with administrating those systems.
Modern operating systems deployed in the professional IT environment support many security methods, but programming those security precautions requires knowledgeable, careful management and appropriate configuration. Without adequate security and password policies, the proper service release (also called a service pack, a release that fixes defects), and appropriate configuration settings, even an operating environment that is typically associated with security like Microsoft Windows NT (NT) is wide open to the mismanagement of data. Secure access to an information system requires user accounts. Each authorized user on the system is assigned an appropriate login to the system that typically consists of a user name or user identification (user ID) and a password. When assigning login

Regulatory Matters

Password Policies

User authentication and the confidentiality of passwords are void when those ID parameters are shared between individuals. The following quote from an FDA warning letter illustrates that common failure in complying with the requirements of Part 11. "An employee user name and computer password were publicly posted for other employees to use to access the Data Management System. During the inspection another employee who did not have an established user name or password was observed obtaining access to the Data Management System utilizing the posted user name and password. Three previous employees, who had terminated employment in 1997 and 1998, still had access to critical and limited Data Management System functions on March 18, 1999."
(5)

How can passwords be kept secure? In sections 11.200 Identification Mechanisms and Controls and 11.300 Controls for Identification Codes/Passwords, 21 CFR Part 11 states requirements for identification mechanisms used for executing electronic signatures: The identification mechanisms shall be used only by their genuine owners, and need to be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. The technical answer to that FDA requirement is to implement appropriate policies that ensure security, integrity, authenticity, and confidentiality of identification codes in the computer system. One common problem with secure

restricts individuals' data access to only the servers, programs, and files they require. It is also possible to assign private data shares to each individual, ensuring confidentiality and file integrity for that individual's work. System administrators can create and implement those profiles quickly and efficiently with appropriate administration scripts. One disadvantage of user profiles remains, however. No matter how well the user profiles are implemented, they are always an external measure bolted onto the outside of a data system. The records inside the data system (the raw data, the results, and the metadata that transform the former into the latter) can have intrinsic dependencies that are difficult or even impossible to control and manage from the outside. A data system must manage the integrity and security of its records using its own internal logic of how the individual pieces are linked together. Otherwise the integrity of results and raw data will depend on the system administrator's experience with and knowledge of the particular data system.
When selecting a data system to implement 21 CFR Part 11 regulations, choose a vendor that offers a specific organization or revision scheme for the electronic records your company produces, maintains, and archives. So-called solutions based solely on standard file server functions can depend on manual or semimanual data organization and will therefore be more susceptible to human errors than integrated data organization systems.

credentials, the system administrator uses a convention that correlates each individual with an ID, by using the individual's last name and enough letters of the first name to make that ID unique within the IT environment. For example, if my login name on a corporate UNIX system were wwinter, my user ID would be combined with a password that only I would know, and the combination of my user ID and password would be unique to my company's system, so that the combination would become equivalent to my handwritten signature. The beauty of that concept is that in most cases, the unique combination of user ID and password is already implemented by the local IT department using conventions and built-in functions of the operating system; IT does not have to reinvent the process for the data system. Therefore, the data system is compatible with the operating environment promoted by the local IT department, and user authentication of data security is automatic. An ideal data system compliant with 21 CFR Part 11 would use security mechanisms provided in the operating system. That would prevent extra effort in managing users and their access rights in and out of the laboratory. Today, corporations manage complex work groups or domains that spread across building sites, cities, or even continents.

Who gets access to what? Resolving that question is far trickier than the first. Secure operating systems typically will use a mechanism called permissions, granting or prohibiting each user's access to certain records, files, or programs.
What permissions attempt to address is how to ensure that users can modify their own records but only read (not change) the records of other users. In theory, careful administration of individual file and directory permissions can make that happen. In fact, many current chromatography data systems require a system administrator to control and manage access permissions to individual files and directories on local hard disks and file servers. That is where user profiles can become extremely useful.

The Role of User Profiles

User profiles in operating systems such as NT are helpful in consistently managing the access rights of a number of users with different job roles, responsibilities, and training levels. A well-implemented profile

Figure 1. Password policy settings in Windows NT.

include: (1) Requiring an individual to remain in close proximity to the workstation throughout the signing session; (2) use of automatic inactivity disconnect measures that would de-log the first individual if no entries or actions were taken within a fixed short timeframe; and (3) requiring that the single component needed for subsequent signings be known to, and usable only by, the authorized individual. (7)

When selecting a data system for implementing 21 CFR Part 11 in the laboratory, confirm the availability of tools in the program against impersonation, the reuse of another user's credentials. A number of analytical vendors have already published technical notes on that security issue (8,9).

User Access Rights

The next question deals with what user-based access restrictions should apply to an electronic signature (e-sig) compliant data system according to section 11.10 of the rule. Apparently, it is insufficient to merely restrict system access to a group of individuals without differentiating their responsibilities, knowledge, or charter. Users could inadvertently modify system settings in a way that affects the integrity or security of the records.
That is particularly true for system administration settings. Clearly, system administrators need to adhere to written policies and only a few users should have system administration-type access. In comment 83 of the rule, FDA explains the need for that type of system access control.

duplicate passwords, once for the operating system and once for the data system. In many cases, laboratory data systems provide only limited or no account policy functions compared with the functions available in the operating system. Limited or nonexistent account security in data programs would make implementing 21 CFR Part 11 difficult. Laboratories must examine the different account policies available from vendors. A vendor solution that directly ties into the operating system security scheme is the most pragmatic and future-proof solution. An upcoming article in this series will discuss the benefits of such an open and generic approach when it comes to integrating additional security and authentication mechanisms (like encryption technology or biometrics) in the future.

How to prevent access using appropriated logins. A practical and secure identification system must cover the potential threat of actions performed on electronic records by people using the credentials (user name and password) of others. That typically takes place when the first user inadvertently leaves the computer session open during an interruption of a task. Another core requirement of Part 11, stated in comment 63, is to reduce the likelihood that someone can readily repudiate an electronic signature as not his or her own, or that the signed record had been altered. In comment 124 of the rule, appropriate countermeasures are explained in greater detail: The agency believes that, in such situations, it is vital to have stringent controls in place to prevent the impersonation. Such controls

passwords is that they can be hard for their owners to remember.
If passwords are easy to remember, they may be guessed by another person or identified by an appropriately designed password cracker program (6). In the early days of secure operating systems, system administrators worked out password policies. Sometimes the policies resulted in passwords that were so secure that ordinary users had to write them down to remember them! In practice, a trade-off has to be found that protects an individual's password from external access but that is nevertheless minimally convenient for its bearer. See the Password Policies box.

Operating systems such as NT support account policies (Figure 1). An account policy specifies how passwords must be defined and employed for all user accounts on a system. It specifically addresses the issue of locking a user account because of invalid logon attempts. An important aspect of an account policy is for a company to have a common approach to all settings needed. For example, a company would set the security policy in the operating system because such a setting would then be applicable to all programs residing in its client PCs. Managing account settings is typically a system administration task centrally fulfilled by corporate IT departments. That administrative burden is duplicated on the laboratory data system if its internal security design does not tie into the security mechanism of the operating system. Such a lack of integration results in the need to manage duplicate user accounts and

System integrity may be impeached even if the electronic records themselves are not directly accessed.

Figure 2. Temporarily disabling a user account in user manager of NT.

also be greatly eliminated by calling the user back at a preconfigured telephone number after successful authentication (dial-back).

Service Account Logins

Another frequent concern is logins for service or maintenance personnel.
Most vendors of chromatography data systems configure a specific user account on a particular computer that can be used by the service engineer during installation, configuration, and maintenance of the data system. Especially on data systems that operate under NT, the vendor's service engineer requires administrator rights to install software, configure NT services, or install drivers for instrument-specific hardware. The vendors' original idea was to protect data and ensure service by not requiring a system administrator to be present or to share his or her login code with the vendor's service engineer. (Under the provisions of 21 CFR Part 11, sharing an administrator login means the system administrator could

log onto the chromatography data system using private user names and passwords. The shared account would not have access rights within the chromatography data system, so each particular individual is traceable and accountable for the data. The user ID and password of a shared logon would not qualify as an electronic signature.

Remote access. Many organizations with continuous operations require remote access to data systems for call-on-duty laboratory personnel. If designed carefully, remote system access fulfills the technical control requirements for closed system environments outlined in 21 CFR Part 11, even if it is established using public service providers. Such access must be limited to authorized personnel and must authenticate users by requiring their user ID and password. Password security can be enhanced by using so-called smart-cards that generate unique passwords that are valid only for a few minutes and that are synchronized with a password server on the dial-in system. Possibilities for misuse can

System access control is a basic security function because system integrity may be impeached even if the electronic records themselves are not directly accessed.
For example, someone could access a system and change password requirements or otherwise override important security measures, enabling individuals to alter electronic records or read information that they were not authorized to see. (7)

The term used by the rule is authority check. Does that necessarily mean a system administrator must assign and determine the access privileges for each user? According to comment 83 of the rule, organizations do not have to embed a list of authorized signers in every record to perform authority checks. For example, a record may be linked to an authority code that identifies the title or organizational unit of people who may sign the record. Thus, employees who have that corresponding code, or belong to that unit, would be able to sign the record. (7) The conclusion of some analytical data system vendors is that security in data systems may require user access to be configurable based on job role or duties. Each company decides which computer tasks are permissible for which users according to their job roles. Tasks that require an electronic signature are configurable in the same way, so those decisions depend on the lab's policy, not on the vendor's worldview.

Shared desktops. One workplace practice with compliance-related issues is frequently found in laboratories where multiple users operate several instruments controlled by the same computer. For example, in production or process control environments each computer often controls multiple chromatographs used by more than one operator. In such environments, user authentication using the NT operating system login is inconvenient because changing the currently logged-on user requires shutting down the current session. Depending on the data system's implementation, that could affect data acquisition from other instruments. Executing the user profile, establishing network connections, and restarting the applications makes that a slow and inconvenient security method.
A good solution would be a shared logon to a computer running NT (a shared desktop) that requires individual operators to

Carefully designed password policies minimize the possibilities for passwords to be known to persons other than their rightful owners. The following guidelines should be considered in order to establish an effective and practical password policy.
1. Nobody, including the system administrator, should know the password of other users on the system. A compliant password policy requires users to change their password when they log on for the first time.
2. Passwords should have a minimal length of at least 6 characters. Requiring more than 8 characters can make passwords too hard to remember and too inconvenient to type accurately.
3. Passwords should contain a combination of letters, numbers, and punctuation marks (;,.!-+?_:).
4. Passwords must not use personal information like names, license plates, or phone numbers because they can be easily guessed.
5. Passwords should not consist of words that can be found in a dictionary.
6. Mixing upper case and lower case in the same password makes it hard to spy passwords while they are typed.
7. A user account should be disabled or locked after three unsuccessful login attempts.
8. Passwords should be changed regularly; six to eight weeks appear to be practical periods. With shorter periods, the password change is perceived as a nuisance, and users are more likely to write their passwords down in order to remember them. A good password policy therefore uses "password aging".
9. The password policy should prevent users from alternating between two or three passwords only. The number of passwords "remembered" by the policy should be greater than the number of allowed unsuccessful login attempts (see 7 above). A good password policy uses a password history of five.
10. An effective password policy only works if the users appreciate its value.
As expressed by the FDA, company policies need to exist that hold individuals accountable for their actions on electronic records. I handle electronic records with more care if I am aware that my electronic signature on that record is legally binding!

PASSWORD POLICIES

repudiate an activity that was signed for by stating that someone else was working with the system using that login.) However, some companies view the existence of a service account with administrative privileges as a clear violation of data system security. Our recommendations for solving that practical problem follow. Define and implement the procedural controls that must be followed by a vendor's service engineer who needs access to your data system. Consider creating service user accounts in your data system's security policies. If a service user account with administrative privileges is required for support or maintenance reasons, create that account on the systems themselves. Disable the service user account (Figure 2) when it is not in use. The authorized system administrator should enable the service user account only when the vendor's service engineer requires access to the data system. For the service account, implement a user profile that prevents access to confidential data on the file servers. If the data system allows configuring user-specific access rights, disable those rights on the service account that could affect the security and integrity of data on that PC by allowing deletions, reprocessing of analyses, approval or rejection of results, or modification to methods, for example. If the task requires a service or maintenance engineer to have administrative rights that would allow execution of tasks related to data security, his or her activities should be supervised by the system administrator.
If the vendor's representatives are adequately trained on the data integrity requirements of Part 11, the activities planned by the service engineer can be reviewed and preagreed to by the responsible system administrator without the necessity to supervise each step.

Access security determines who is allowed to log on to a system locally or from the network and puts mechanisms in place that prevent unauthorized persons from gaining access to the computer system. Most operating systems offer several different types of access privileges that can be granted or denied to specific users or groups of users.
Administrative privilege or system administration is the responsibility for maintaining a multiuser computer system and managing the security of the computer network for setting new user accounts and the privileges and access available to specific users, for example.
Application. A software program that is installed on a computer to perform certain tasks, which only some employees may be allowed to access.
Appropriated login or impersonation. Someone using an authorization code, usually user ID and password, of another person, usually to secure access to network resources for which he or she doesn't have privileges or authorization. Can be intentional or not.
Audit trail. A computer-generated and timestamped record of who did what, when. Part 11 requires the audit trail to be generated independently of the operator. The audit trail must capture all activities related to creating, modifying, and destroying records on a system.
Authentication mechanisms, authority checks, or authorized signers. Distinct from authorization that grants or denies access to a network resource, authentication programs are used by system administrators to establish and verify as conclusively as possible that a person logging in to the network is who he or she claims to be.
FDA says authority checks are to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system, input or output device, alter a record, or perform operations.
Biometrics. Biopharmaceutical scientists may think of biometrics as the statistical study of biological phenomena. But in computer security it refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked, such as fingerprints, speech, or retinal patterns. FDA defines biometrics as verifying an individual's identity based on measurement of the individual's physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable.
Closed system. An environment in which system access is controlled by persons responsible for the content of the records on the system. Most firms regulated by the FDA fall into this category.
Configuration settings. An overall organizational structure defining how permissions are configured, with settings allowing one user to only read a file, but another can execute or run that file, and a third may be able to write new data into it, for example.
Data integrity is the validity of data and its relationships. In order for electronic records to be trustworthy and reliable, the links between raw data, metadata, and results must not be compromised or broken. Without data integrity, it is not possible to reliably regenerate a previous result.
Disabled account. A user account that has its access turned off so that it is not usable until such time as access is given again.
Electronic signatures, digital signatures, or e-sigs. According to FDA, an electronic signature is any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.
A digital signature is an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of parameters so that the identity of the signer and the integrity of the data can be verified.
Encryption. Translation of data into secret code is the most effective way to secure data security. Unencrypted data is called plain text and encrypted data is referred to as cipher text.
External or remote access. The ability to log on to a network from a distant location. The system containing data is the host while the computer at which a user sits is called the remote terminal. Slower data transfer speeds are the only difference between a remote station and a workstation connected directly to the network.
ID parameters set authentication and authorization codes usually related to a user ID and password. The unique set of characters that enables a user to access files, issue commands, or run programs.
Inactivity disconnect or locked session is a computer session that freezes or logs off automatically when no data has been input for a period of time.
Information technology (IT). The broad field concerned with managing and processing information, particularly within large companies. Also referred to as information services (IS) or management information services (MIS).

SECURITY TALK GLOSSARY OF TERMS

Reduce validation efforts for biometrics identification mechanisms by delaying implementation until they become pervasive. Wait until operating systems offer intrinsic functions or standard add-ons. Define the measures to protect against impersonation. Your data system can lock a current session explicitly and automatically using inactivity timeouts. Define access rights according to the job role requirements of your company. To manage access rights for large groups of users, define access rights by job role rather than individually. An ideal data system allows configuring access rights by user groups.
To Be in Compliance

Here are the main steps to consider and evaluate to ensure access security in accordance with 21 CFR Part 11. Use the security mechanisms of your data system to control access. Ideally, data systems tie into the user account database of an operating system. Define, implement, and use a password policy to ensure confidentiality and authenticity of individual user passwords. The data system should either allow defining password policies or tie into the password policies of the operating system.

Needless to say, a data system that is compliant with 21 CFR Part 11 will allow the assignment of specific access rights by job role so a service engineer cannot perform operations that affect data security. Because critical tasks require an electronic signature before they are completed, those tasks can be stopped or undone by the service engineers if they are initiated by mistake. Figure 2 shows a screen shot of an NT user profile with the user account temporarily disabled, as should be done to service accounts when not in use.

Integrated data organization system, logical security, or internal logic. Data management planning and configuring that combines the diverse applications used by a company with the operating system in such a way that authentication and authorization are achieved most efficiently and effectively.
Login, logon, or login credentials, also user ID and user name. Identification methods that make a computer system recognize users so they can begin computer sessions, usually user names and passwords.
Metadata, raw data, and results. Metadata are important for reconstructing a final report from raw data. In chromatography, they include integration parameters and calibration tables. In long division, 1,000 ÷ 5 would be the raw data, the work you had to show on your paper in fourth grade math class would be the metadata, and 200 would be your result.
Open system.
An environment in which system access is not controlled by persons responsible for the content of electronic records on that system, one with little or no security, authorization, or authentication.
Operating system or operating environment. The most important program that runs on the computer performs basic tasks such as recognizing input from the keyboard, sending output to display screens, keeping track of files and directories, and controlling peripherals such as printers. Microsoft Windows NT, LINUX, and UNIX are operating systems.
Password cracker. Ideally, a password is something nobody can guess. In practice, people choose passwords that are pretty easy to guess, such as their name or initials. Password cracker programs seek to guess passwords so that an unauthorized user can break into a computer system. Though frequently used interchangeably, a cracker is someone who breaks into a secure system, whereas a hacker is more interested in learning about computer systems or in playing pranks than in compromising secure data.
Permissions or privileges are security codes that define or restrict which users can read, write, and execute the associated files, directories, or programs. Some departments only need to look at data, some need to input data or run programs, and others may not need to look at the data at all.
Principle of nonrepudiation. The ability to say with confident assurance that only one user entered specific data or performed specific actions on a computer system and that the particular user is identifiable. If more than one user can get into the system in such a way that the audit trail cannot specify who performed what action, the principle of nonrepudiation has been violated.
Private data shares. Personal directories on a file server that are only accessible by the owner of the data.
Scripts or admin scripts. Another term for macro or batch file, a script is a bit of programming that automates tasks.
Admin scripts usually provide tools to help system administrators set up user permissions for system security.

Security mechanisms or dedicated security mechanisms refer to techniques for ensuring that data stored in a computer cannot be read or compromised. Most security measures involve encryption or passwords.

Servers, programs, and files. A server is a computer or device on a network that manages network resources. A file server stores files, a print server manages printers, a network server manages network traffic, and a database server processes database inquiries. A program is an organized list of instructions (like a recipe) that causes a computer to behave in certain predetermined ways. Files are collections of data with file names: text files, data files, program files, or directory files.

Service account login or service user account: An account on a computer system preprogrammed or added so the vendor or maintenance contractor will have authorization to access various machine routines to service it.

Service release or service pack. Defect-fix releases of an operating system that address serious issues or defects reported against a previous release. Service releases need to be installed on top of the original software.

Shared desktop, account, or login. A personal computer is often called a desktop. Shared personal computers, accounts, or logins can violate the principle of nonrepudiation. If the audit trail is unable to distinguish between individuals using such shared network resources, an electronic signature is not valid.

Task-specific access or access by job role. A system administration tool for setting up user profiles, assigning users to groups, then assigning specific permissions to all users of that group. So the manager group might have privileges to only read the files in QA/QC. But a certain manager might have write privileges in the fermentation department she manages as a member of the fermentation group.
Assigning privileges by task or job means that users will be authorized to use only the network resources they need to do their job.

SECURITY TALK GLOSSARY OF TERMS (Continued)

If the laboratory setup requires users to share the same desktop, perform user authentication in the chromatography data system itself, using an individual and unique combination of user ID and password of each authorized user. Shared logons to the data system negate the principle of nonrepudiation of a signed record; if others share the logon, a signed record can be repudiated.

Implement a security policy to create a dedicated user account for vendor service personnel. If at all possible, disable tasks that could affect the confidentiality or security of the data stored in the system. Disable the service user account when it is not in use for service or maintenance activities. Consider whether additional procedural controls are necessary for its use.

Recently, several warning letters and 483s were issued citing 21 CFR Part 11 violations. Although most addressed electronic batch recordkeeping practices in pharmaceutical manufacturing, FDA clearly expects companies to be taking steps toward compliance and to have a plan in place (5). That is especially true in the area of legacy systems, where time is running out and you have to play a game of catch-up (5).

In the next installment of this series, planned for BioPharm's March 2000 issue, we will focus on a subject that goes right into the core of Part 11 to separate the wheat from the chaff in chromatography data systems: data integrity.

References

(1) L. Huber, Implementing 21 CFR Part 11 in Analytical Laboratories: Part 1, Overview and Requirements, BioPharm 12(11), 28-34 (1999).
(2) Code of Federal Regulations, Food and Drugs, Title 21, Part 11, Electronic Records; Electronic Signatures (U.S. Government Printing Office, Washington, DC). Also Federal Register 62(54), 13429-13466.
(3) L.
Huber, Validation of Computerized Analytical Instruments (Interpharm Press, Inc., Buffalo Grove, IL, 1995).
(4) Compliance Policy Guide: 21 CFR Part 11; Electronic Records, Electronic Signatures (CPG 7153.17) (FDA, Washington, DC) www.fda.gov/ora/compliance_ref/cpg/cpggenl/cpg160-850.htm.
(5) Gold Sheet 33(7) (F-D-C Reports Inc., Chevy Chase, MD, 1999).
(6) M.J. Edwards, The Handy Security Toolkit Revisited, Windows NT Magazine (October 1999) www.winntmag.com.
(7) Rules and Regulations comment 124, Federal Register 62(54) (20 March 1997), pp. 13429, from the Federal Register Online, GPO Access, DOCID:fr20mr97-25.
(8) Implementing Electronic Records and Signatures with Hewlett-Packard's ChemStation (Hewlett-Packard, Little Falls, DE, 1998) publication number 12-5966-2315E.
(9) Using ChemStation Plus to Comply with FDA 21 CFR Part 11 (Agilent Technologies, Little Falls, DE, 1999) publication number 5968-7930E.

Agilent Technologies Publication Number 5980-1306E. Reprinted from BIOPHARM, January 2000, an Advanstar publication. Printed in U.S.A.

Copyright Notice: Copyright by Advanstar Communications Inc. Advanstar Communications Inc. retains all rights to this article. This article may only be viewed or printed (1) for personal use. User may not actively save any text or graphics/photos to local hard drives or duplicate this article in whole or in part, in any medium. Advanstar Communications Inc. home page is located at http://www.advanstar.com.
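The account controls in the compliance steps above (individual logons, access rights by job role, a service account that is disabled when not in use, an electronic signature on critical tasks) can be checked mechanically. The following is an added example, not part of the original article or of any vendor's data system; the permission names, account fields and sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical permission names; a real data system defines its own.
DATA_AFFECTING = {"delete_record", "edit_audit_trail", "change_security"}

@dataclass
class Account:
    user_id: str
    role: str            # job role, e.g. "analyst" or "service"
    permissions: set     # tasks the role is allowed to start
    persons: tuple       # people who actually use this logon
    enabled: bool = True

def audit_accounts(accounts, service_visit_open=False):
    """Return (user_id, finding) pairs for violations of the checklist."""
    findings = []
    for acct in accounts:
        if len(acct.persons) != 1:
            findings.append((acct.user_id, "shared logon: a signed record can be repudiated"))
        if acct.role != "service":
            continue
        if acct.enabled and not service_visit_open:
            findings.append((acct.user_id, "service account enabled outside a service visit"))
        risky = sorted(acct.permissions & DATA_AFFECTING)
        if risky:
            findings.append((acct.user_id, "service role can affect data security: " + ", ".join(risky)))
    return findings

def may_perform(acct, task, signed_by=None):
    """Permit a task only for an enabled account whose role grants it; a
    data-affecting task also needs an electronic signature by that same user."""
    if not acct.enabled or task not in acct.permissions:
        return False
    if task in DATA_AFFECTING:
        return signed_by == acct.user_id
    return True

# Constructed sample accounts, not taken from any real system.
SAMPLE = [
    Account("jsmith", "analyst", {"acquire_data", "delete_record"}, ("J. Smith",)),
    Account("lab1", "analyst", {"acquire_data"}, ("A. Lee", "B. Khan")),
    Account("vendor_svc", "service", {"run_diagnostics", "delete_record"}, ("vendor engineer",)),
]

if __name__ == "__main__":
    for user_id, finding in audit_accounts(SAMPLE):
        print(f"{user_id}: {finding}")
    print(may_perform(SAMPLE[0], "delete_record"))                      # unsigned
    print(may_perform(SAMPLE[0], "delete_record", signed_by="jsmith"))  # signed
```

Run against an export of the real account list, the same three checks give a periodic review of shared logons and service accounts that were left enabled after a maintenance visit.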