This article explains the related sections of the 21 CFR Part 11 regulations and their application to the Vi-CELL BLU control software. The application and compliance of 21 CFR Part 11 continues to be the responsibility of the organization or entity that is generating and signing the electronic records. Appropriate methods and practices, like GLP and GMP, are part of the general compliance with these regulations just like the components of the Vi-CELL BLU control software.
21 CFR part 11
The FDA established the Electronic Records and Electronic Signatures Rule (21 CFR Part 11) in order to outline the necessities for electronic form records and the accepted electronic signatures criteria.
Electronic records
As seen in Section 11.3 subpart A of 21 CFR Part 11, an electronic record is described as ‘any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved or distributed by a computer system’.
This has reference to any digital computer file sent to the FDA, or any information not submitted but that must be archived. Public docket No. 92S-0251 of the Federal Register (Vol. 62, No. 54) classifies the types of documents satisfactory for submission in electronic form and the location where these submissions may be completed.
Requirements of the FDA
The general comments section of the ruling concurs that ‘The agency emphasizes that these regulations do not require, but rather permit, the use of electronic records and signatures’. The final ruling introduction explains that ‘The use of electronic records as well as their submissions to FDA is voluntary’.
In the case of electronic submissions, Section 11.2 describes that ‘persons may use electronic records in lieu of paper records or electronic signatures in lieu of traditional signatures provided that: (1) The requirements of this part are met; and (2) The document or parts of a document to be submitted have been identified in public docket No. 92S-0251’.
The Vi-CELL BLU control software was created to allow users to fulfill the requirements of the electronic records and signatures rule.
Electronic records and signatures implementation
Section 11.3 Subpart A explains two classes of systems:
1. Closed systems
A closed system is explained as a system ‘in which system access is controlled by persons who are responsible for the content of electronic records’. Simply put, the employees and organization with the responsibility of designing and maintaining the data within the system are also responsible for running and managing the system.
2. Open systems
An open system is one ‘in which system access is not controlled by persons who are responsible for the content of electronic records’.
The Vi-CELL BLU control software has been created to guarantee the correct operation, maintenance and management for system safety and data integrity. Any person that uses the Vi-CELL BLU, ranging from administrators to users, needs to follow these measures. Consequently, the overall responsibility falls on the organization creating electronic records and signatures. The Vi-CELL BLU software is just one feature, albeit an essential one, of the complete process.
Electronic record controls
Subpart B, Section 11.10 explains the controls for application of a “closed system”. Section 11.30 explains the controls for application of an “open system”, inclusive of “those identified in Section 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards”. Since a characteristic Vi-CELL BLU system can be observed as a closed system, further controls related to open systems will not be talked about here.
The key push of these controls is “to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine”. Alternatively put, for protection of the data and to make it hard for someone to state that it is not their “signature”.
Several of the controls explained in Section 11.10 are in reference to written procedures (SOPs) needed from an organization by the agency, for the purpose of storing and retrieving data, access control, training, responsibility, documentation, keeping of records, and change control. The additional controls are considered either by the Vi-CELL BLU software itself or together with end-user measures.
Electronic record establishment
The Vi-CELL BLU software uses a system of usernames and passwords, as seen in the conditions of Subpart C, Section 11.300, “to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand”.
21 CFR part 11 security
To enable the security option, select:
Image Credit: Beckman Coulter
Note: Inactivity timeout is set to stop unofficial access to the system, as when the system is left unsupervised straight after beginning the queue.
A log in in the system will be prompted. On the Log In dialog, a user name and password should be entered.
It is only possible for new users to be established and passwords reset by users with Administrator rights. Protection of this file is completed with a checksum and every user name consists of information about when the user was created, by whom, at what level, the user’s password in encrypted form and the file paths of the user. If this file is non-existent or if the checksum is absent, or invalid, then admission to the system will only be allowed for a small number of special users.
File history
Additionally, the Vi-CELL BLU software completes data input and “operational checks”, as described in Subpart B, Section 11.10, “to determine, as appropriate, the validity of the source of data input or operational instruction”, and “to enforce permitted sequencing of steps and events”. These two features guarantee that valid data are being added into the system, and all steps that are needed have been finished to complete the task at hand.
The purpose of data checking and authentication is explained in Section 11.10, Paragraph (b):”The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency”. The data cells from Vi-CELL BLU software are all automatically saved when they are created and its protection comes in the form of a checksum. In addition, Vi-CELL BLU software enables the ability to back up data to be the same as directories.
Section 11.10, paragraph (e) needs “use of secure computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Such audit trail documentation must be retained for a period at least as long that required to for the subject electronic records and must be available for agency review and copying.”
The Vi-CELL BLU software fulfills this rule by creating an audit trail that records the log in time of a user. The audit trail is encrypted and checksummed for additional security. Also, the audit trail will record and time-stamp: unsuccessful login attempts, changing users, switching security on or off, adding new user, enable/disable user, password change, password reset, lock instrument and unsuccessful checksums. Table 6.4 in the Vi-CELL BLU Instructions for Use (document C13232) can be referred to for a list of audit trail events and the associated descriptions.
Upon creation of a data file, the Vi-CELL BLU system software offers a computer-generated time-stamped record that records actions completed to generate a record. Storage of this information takes place within the actual data file itself, not in the Audit Trail file. Every data file consists of a computer-generated time-stamped record, the date and time of operator accesses, and the actions completed to generate the data file. Due to the system software, a data record cannot be altered or erased within the standard operation of the system software.
If the data file integrity is compromised in any way, the system renders the file unusable and it cannot be used by the Vi-CELL BLU software. Each data file consists of an embedded checksum that is utilized to review the integrity of the file whenever the file is loaded. If the data file is seen to be compromised, an error message can be seen and the file does not load.
Electronic signature
In Subpart A, Section 11.3, the definition of an electronic signature is stated as “a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature”. Subpart C, Section 11.100 of the regulation outlines the overall necessities of such a display.
Paragraph (a) affirms that “each electronic signature must be unique to one individual and must not be reused by, or reassigned to, anyone else”. These two paragraphs in combination give meaning that an electronic signature is some computer representation of the identity of a user, established to guarantee the distinct and unique identity of that individual user. The procedural part of Section 11.100 states that prior to any application of such electronic representation, first, the organization needs to “verify” the identity of that individual.
Subpart C, Section 11.200, is in reference to biometric and non-biometric forms of electronic signature. Non-biometric signatures refer to those that are computer generated and, as per Section 11.200, “Employ at least two distinct identification components such as an identification code and password”. The Vi-CELL BLU software supports this form of electronic signature.
Electronic signature generation
The Vi-CELL BLU software uses User IDs and passwords to confirm the identity of every user that logs into the system. When employing this method, Subpart C, Section 11.300 of the regulation necessitates “maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password”. This section also necessitates that the “identification code and password issuances are periodically checked, recalled, or revised”. Both of these provisions are supported by Vi-CELL BLU software.
Note: Supporting 21 CFR Part 11 compliance requires the user name that is entered to be the complete user display name.
Individuals are added to the list of valid Vi-CELL BLU users through the Add a New User dialog box for administration of the system. The “identification code” or username of every Vi-CELL BLU user needs to be unique and an identical username cannot be used by any two users on the same Vi-CELL BLU system.
An additional requirement is that these users provide a password for entry into the Vi-CELL BLU software, therefore fulfilling the requirement to “employ at least two distinct identification components such as an identification code and password”. Passwords are able to be controlled to exclude the usage of duplicates and to push the choice of new passwords after a given time period.
Through implementing these components, the Vi-CELL BLU software is able to fulfill the requirement that “identification code and password issuances are periodically checked, recalled, or revised”.
Electronic signature application
Subpart C, Section 11.200 specifies numerous requirements for electronic signature control. Methodically, the regulations state the requirements for electronic signatures “be used only by their genuine owners” and that they “be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires the collaboration of two or more individuals”.
Implementation of Vi-CELL BLU user and password configuration measures means that the system is able to be configured to “ensure” that the unsuitable employment of these identifiers can solely be completed by the deliberate divulgence of security information.
Additionally, section 11.200 stipulates the employment of electronic signature components throughout a period “when an individual executes a series of signings during a single, continuous period of controlled system access”, and “when an individual executes one or more signings not performed during a single, continuous period of controlled system access”. For compliance with these provisions, the Vi-CELL BLU software utilizes the implementation of the username and password to validate the user completing and saving the changes, in concurrence with file history.
About Beckman Coulter Life Sciences
Beckman Coulter Life Sciences is dedicated to empowering discovery and scientific breakthroughs. The company’s global leadership and world-class service and support delivers sophisticated instrument systems, reagents and services to life science researchers in academic and commercial laboratories, enabling new discoveries in biology-based research and development.
A leader in centrifugation and flow cytometry, Beckman Coulter has long been an innovator in particle characterization and laboratory automation, and its products are used at the forefront of important areas of investigation, including genomics and proteomics.
Primary activity / Product lines
- Flow Cytometry
- Centrifugation
- Particle Counting and Characterization
- Liquid Handling and Robotics
- Nucleic Acid Sample Preparation
Sponsored Content Policy: News-Medical.net publishes articles and related content that may be derived from sources where we have existing commercial relationships, provided such content adds value to the core editorial ethos of News-Medical.Net which is to educate and inform site visitors interested in medical research, science, medical devices and treatments.