Validation & Compliance with 21CFR11 - Page 2
What software features must be included?
Page II of III
What software features are necessary to be 21 CFR Part 11 compliant?
-Define which individuals shall have access to the software - a current list shall always be available
-Define what the user roles are for the software (i.e. administrator, data entry, approver, etc.) and what each role can do
-Access to software shall require each user to have a unique username and password
-A defined number of incorrect login attempts shall lock the user from the software
-A defined time of inactivity shall lock the software for a given user
An audit trail shall be implemented that allows a means to reconstruct data modification.
The audit trail shall include: the name of the user that made the entry, what was changed (not obscuring the original value), the date and time of change and the reason for change.
Electronic Signatures/Digital Signatures
If electronic signatures will be used, they must include the following:
- Name of signer
- Time and Date of signature
- Meaning of signature
Note: An electronic signature consists of two components: id code (username) and password. This is different than the initial login to the software.
Users must have the ability to obtain meaningful data from the software.
The software shall be designed in such a way that a logical process workflow is incorporated (i.e. you are unable to approve until all required pieces are completed).
Data must be backed up on a regular basis
Standard Operating Procedures
- Standard Operating Procedures ensure the consistent use of the software
- Procedures should be developed on how the software will be used for a specific task
- Procedures shall also be developed for administrative functions of the software: how to add users, etc.
- Procedures should also be developed for activities that happen outside of the software in order to ensure the most accurate data
Training should be documented to verify that only trained individuals are using the software.
A quality validation methodology shall be used to ensure the system (software, people, etc) is performing as intended. It is important to understand that you are validating a SYSTEM and not just the software.