Академический Документы
Профессиональный Документы
Культура Документы
Administrative Controls:
Set policies, assign roles and responsibilities, operator and
administrator training, ITIL implementation, auditing
Procedural Controls:
SOPs and Work Instructions for operation and administration,
computer system validation, calibration, network qualification.
awareness training
Technical Controls:
Computerized features like audit trail, backup mechanism, user
management and security, electronic signatures and/or digital
signatures to assist or enforce administrative and procedural controls
Secure Records
Back up, archive, records retention policy of ALL data and meta
data
Easy retrieval of e-records and Human Readable copies
controlled access with unique username and password
o limit functionality
o feeds audit trail
Secure computer generated audit trails for any changes to data
o What changed, who, when why (and now where)
Applications that work
Validation
Training
Electronic Signatures
Non repudiation of signature (if using)
PI 011-3
Annex 11
21 CFR Part 11
Access Control
Your firm did not put in place requirements for appropriate usernames and
passwords to allow appropriate control over data collected by your firm's
computerized systems including UV, IR, HPLC, and GC instruments. All
employees in your firm used the same username and password
Change Control
In addition, you did not document the changes made to the software or
data stored by the instrument systems.
Raw Data
Your firm had no system in place to ensure appropriate backup of
electronic raw data and no standard procedure for naming and saving data
for retrieval at a later date
Access Control
You have not implemented security control of laboratory electronic data. All laboratory
analysts share the same password for the HPLCs in the QC analytical chemistry lab
and Omnilog in the microbiology lab.
Raw Data
There is no system in place to ensure that all electronic raw data from the
laboratory is backed up and/or retained.
Data is deleted to make space for the most recent test results. You also informed our
investigators that printed copies of HPLC test results are treated as raw data.
Printed Copies
Printed copies of HPLC test results from your firms systems do not contain all of the
analytical metadata (for example: instrument conditions, integration parameters) that
is considered part of the raw data.
CDS
Application Timeout
One password unlocks all my
windows
Leaves other users windows
locked
Better than screensaver
Disallow annotation tools
Consider if relying on paper
report review
Date and Time Zone display
User accounts
No replication or deletion
User passwords
Full history
Expiry
Entry attempts
Length
Log on/off behaviour
Multiple users per Client
Default User interface rules
Calibration
Original Curves
Processing Method
Unchanged
Raw Data
File
Unique
Result
Original
Instrument Method
Sample
Instruments
Sample
Instruments
YES
2013 Waters Corporation 72
Double V Model from
GAMP Good Practice Guide: Testing
Security
Including Part 11 requirements
Administration
Management tasks
Backup /recovery, archiving, legacy data
Dealing with upgrades
Instrument Control
Sample Sequences
Processing
Integration, Calibration, Quantitation, further processing
Reporting
System Requirements
Specification
Legend
Vendor Audit
Analytical
Instrument
Qualification
Planning Analytical Systems
Extended
Software
Qualification
Specification Installation Qualifcation
Reporting/
Release
Changes to system
Risk assessment of the change
Performance tests
Actual impact of changes
How documentation should be updated
Training updated
Consider use of
High Availability solutions
o RAC, DataGuard, Oracle FailSafe
Emergency Workgroup or Personal Systems
Inspectors want to see that you have implemented the controls that
Empower provides for you
Unique Usernames for audit trails
Default strings for reasons WHY you change objects
Password expiry and history
Limited access to delete objects in the database