Our software application is fully compliant with 21 CFR Part 11 requirements. We provide the full validation package and support needed for compliance with 21 CFR Part 11 requirements.

We provide solutions that help our customers design processes that comply with FDA QSR (21 CFR 820, 21 CFR 211) without sacrificing productivity. The following are some of the highlights of 21 CFR Part 11 requirements and how Qualcy Software meets these requirements.

 

21 CFR Part 11 Requirements – Regulatory/Compliance Requirements

| URS No. | Description of the Requirement | System Design / (Features and Solutions) |
|---|---|---|
| URS-7.9.1 | 21 CFR Part 11.10(b): All electronic records can be printed and/or viewed on the screen. These electronic records can be copied to removable media and/or transferred over a network. | Application Design, Database and File System / (All records can be printed in .pdf format; the search and query data can be exported to Excel) |
| URS-7.9.2 | 21 CFR Part 11.10(c): A retention period(s) shall be defined for all electronic records. These electronic records shall be protected from loss and alteration over the retention period(s). The user shall be able to retrieve these electronic records in a reasonable time over this retention period(s). | Offline SOP/WI for data backup and disaster recovery, Training System and Records / (The retention period is documented in the license agreement; automated data backup) |
| URS-7.9.3 | 21 CFR Part 11.10(d): The system shall use logical security to control access to the system such that a user needs to use the user ID and password granted by the system to log on to the system. | User Management / (Each user is assigned a unique ID by the system. Both ID and PW are required to log in to the system. The user has the option to change the password) |
| URS-7.9.4 | 21 CFR Part 11.10(e): The system shall employ a computer-generated audit trail to independently record the date, time and user ID when electronic records are created, modified, or deleted. | Application Design, Database and File System / (All changes are tracked with timestamp and userID when any changes are made to electronic records) |
| URS-7.9.5 | 21 CFR Part 11.10(e): Upon making a change to an electronic record, information from the previous version of the record shall be available for retrieval (i.e., not obscured by the change). | Application Design, Database and File System / (The entire history of changes is available in the audit trail, with timestamp and userID) |
| URS-7.9.6 | 21 CFR Part 11.10(e): The audit trail shall always be on. The audit trail shall be protected from modification. The user shall be able to retrieve the audit trail at any time throughout the record’s retention period for review or copying. | Application Design, Database and File System / (The audit trail is always on by design; there is no option for tampering with or changing the audit trail for any user. Any user can access the audit trail at any time) |
| URS-7.9.7 | 21 CFR Part 11.10(f): The system shall enforce sequencing of steps and events of an operation (e.g., Cal/PM record creation, review and approval of the Cal/PM records, OOT record creation, investigation of the OOT records, review and approval of OOT records). | System Workflow Design / (The workflow is executed in steps: creation of record, submit for review, reject/approval) |
| URS-7.9.8 | 21 CFR Part 11.10(g): The system shall use authority checks to ensure only individuals with the right access levels can use the system, perform certain operations, and alter a record. | User Management / (Option for assignment of roles: author, prj. owner, coordinator, approver, admin. The approvers have a department description. Only the Admin role can create new users.) |
| URS-7.9.9 | 21 CFR Part 11.10(i): There shall be documentation (training records) to show that persons who develop, maintain, or use electronic record systems have the education, training, and experience to perform their assigned tasks. | Offline Training System and Records / (User training is provided for users, including admin roles; the training records are provided) |
| URS-7.9.10 | 21 CFR Part 11.10(k)(1): There shall be adequate control of the distribution, access, and use of documentation (e.g. SOP, work instruction, user manual) for the system’s operation and maintenance. | System Documentation / (SOP for system’s operation and SOP for system maintenance and control) |
| URS-7.9.11 | 21 CFR Part 11.10(k)(2): If changes to system documentation are controlled in paper form, the documentation shall have revision control and revision history. If changes to system documentation are controlled in electronic form, the electronic system documentation shall have a computer-generated audit trail that meets the requirements of 21 CFR Part 11.10(e). | System Documentation / (The changes for system documentation are maintained in paper form) |
| URS-7.10.1 | 21 CFR Part 11.50(a): Every signed electronic record shall contain the following signature manifestation information associated with the signing: 1) Printed full name of the signer, 2) Date and time when the signature was executed, 3) Meaning of the signing (e.g. approval, authorship). | Workflow and Audit Trail / (E-sign contains userID, PW and reason/meaning) |
| URS-7.10.2 | 21 CFR Part 11.50(b): The signature manifestation information (i.e. printed full name of the signer, date and time of the signing, and meaning of signing) shall be readily available for display on the screen and printed out by every user. | Workflow and Audit Trail / (The E-sign information can be printed into a .pdf document by any user) |
| URS-7.10.3 | 21 CFR Part 11.70: Electronic signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signature cannot be excised, copied or otherwise transferred to falsify an electronic record. | Audit Trail / (E-signs are linked to their respective records. The system does not allow changes to E-signs or audit trails) |
| URS-7.10.4 | 21 CFR Part 11.70: The system shall maintain the link between the electronic signature and its electronic record for the life of that record. | E-sign and Audit Trail / (E-signs are linked to their respective records. The system does not allow changes to E-signs or audit trails) |
| URS-7.10.5 | 21 CFR Part 11.100(a) & 11.300(a): Each electronic signature shall be made up of two components: user ID and password. The user ID shall be unique such that no two or more individuals have the same user ID. The password shall only be known to the individual user. | User Management / (The E-sign contains userID, PW and reason/meaning. By design the system assigns a unique userID. The userID cannot be repeated) |
| URS-7.10.6 | 21 CFR Part 11.100(a) & 11.300(a): User IDs shall never be reused or reassigned even if a user moves to a different position or leaves the company. | User Management / (By design the system assigns a unique userID. The userID cannot be repeated) |
| URS-7.10.7 | 21 CFR Part 11.200(a)(1): Both signature components (i.e. user ID and password) have to be executed at each time of signing. | Workflow E-Signature / (Both userID and PW are required for the execution of UserID) |
| URS-7.10.8 | 21 CFR Part 11.200(a)(1)(i) & (a)(1)(ii): The system shall automatically log off after a period of inactivity. | Application Design / (The system logs off after 30 min or a set time of session inactivity) |
| URS-7.10.9 | 21 CFR Part 11.10(g): The system shall verify the user’s access level to ensure that only authorized users can electronically sign a record. | Workflow E-Signature / (Option for assignment of roles: author, prj. owner, coordinator, approver, admin. Only users with the Approver role can review and approve the records) |
| URS-7.10.10 | 21 CFR Part 11.300(b): The system shall periodically check, recall or revise user IDs and passwords to prevent password aging. | 60-day password change option / (Built-in password reset policy) |
| URS-7.10.11 | 21 CFR Part 11.300(d): The system shall have transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and as appropriate, to organizational management. | Application Design / (Password reset after initial registration; account lock after 3 failed attempts) |