Product

11.10 - Controls for closed systems

11.10(a)

Procedures and controls shall include validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

Shimadzu has extensively validated CLASS-Agent 2.1 and CLASS-VP 6.12 with tests written to specifically evaluate accuracy, reliability and consistent performance. IQ/OQ and other documents are available for customer use. The software has the ability to discern invalid or altered records. Also see sections 11.10(c), (d) and (e).

11.10(b)

Procedures and controls shall include the ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency.

Both individual data elements (Sample ID, Sample Name, Vial, Operator, etc.) and data files (Data, Method, Sequence, Chromatogram, Method Custom Report, and user-defined) are stored and access-controlled in the database. Accurate and complete records can be copied electronically or printed from the database. Review/ inspection is facilitated by pre-defined filter/query criteria, or by creation of custom reports. Records include metadata (such as creation date/time, operator identification, computer workstation identification).

11.10(c)

Procedures and controls shall include protection of records to enable their accurate and ready retrieval throughout the records retention period.

CLASS-Agent provides configurable controls for access to create or edit records, for retention of changed records, and for audit trail of records and user actions. CLASS-Agent also provides for query and accurate, ready retrieval of information in the database. Records, including Data, Method, Sequence, Chromatogram, Method Custom Report, and user-defined files are stored and access-controlled in the database. Links between files are maintained in Agent Manager. Further, linkage is also enforced by the grouping of Data, Method, Sequence, Chromatogram, Method Custom Report files into a compressed LZH file. Audit files are also access-controlled and stored. Records can be archived and retrieved by user-defined date/time specifications to provide ready retrieval throughout the record retention period.

11.10(d)

Procedures and controls shall include limiting system access to authorized individuals.

Access to CLASS-Agent requires a user ID and password at the application level. The admin of CLASS-Agent has functionality through an admin menu to authorize users and establish initial passwords and password controls, such as password length, change interval, and complexity. The system does not accept redundant user IDs. User IDs can be inactivated and reactivated but cannot be deleted. The common name of the user is linked to the user ID. User access to application functionality is further controlled by configurable individual privileges. Access control changes under the admin menu are recorded in a log that is not changeable by the application admin. Users are capable of changing their own passwords.

11.10(e)

Procedures and controls shall include use of secure, computer-generated time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail information shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

The system employs a unique identification assigned at the database level, thus data is not overwritten when a user attempts to assign a data file name used previously. The database record created under Agent Manager includes the Date/time/zone and operator name for operator entries and actions that create, modify, or delete records. Audit trails are created as database records and not accessible for alteration by users or admin. User actions that create, modify, or delete data result in creation of a new record with the modified data. Each record identifies the operator, the Date/time/zone, PC source, Instrument name, and substantial additional identifying information. In addition, audit trails exist for event logs and admin changes to user privileges and passwords. Audit trail information retained in an archival database maintains the links of the original database. Event log, admin change audit trail, and other logs retain links to the acquisition/analysis data by date when data association or selection is maintained in the archival process. The database files, audit trails, and logs can be displayed, copied, queried, sorted, and reported.

11.10(f)

Procedures and controls shall include use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.

The data acquisition and sample sequence are defined by the method and sequence files. These controls supercede local instrument settings. The sequence established for a specific run enforces blank, standard, and sample order. The system enforces required fields and default values. The method and sequence files are linked with the data, chromatogram, and report files in a compressed LZH file.

11.10(g)

Procedures and controls shall include use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

Access control is described in section 11.10(d). Electronic signatures for every specific meaning employ a user ID and password. Only authorized users can execute an electronic signature. The combination of user ID and password is unique since the system enforces a unique user ID. The system verifies the data is acquired from the device specified in the method. An attempt to connect an alternative instrument would fail the device check. Records can only be altered and individual operations performed after authority checks, based on user ID and password against defined user privileges and record status.

11.10(h)

Procedures and controls shall include use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

Identification for valid instruments is established during system configuration. The system also verifies that the data is acquired from the device specified in the method. An attempt to connect an alternative instrument would fail the device check. The device ID, therefore is recorded and linked to the results by the method used to acquire the raw data. The stored method parameters override the keypad input during performance of a sequence.

11.50 – Signature manifestations

11.50

Signed electronic records shall contain information associated with the signing that clearly indicates the following:
・The printed name of the signer;
・The date and time when the signature was executed; and
・The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
These items are subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).

At the time of execution of an electronic signature, the system displays the printed name of the signer, and the date/time/zone. The meaning of the signature is displayed in the window requiring the signature (e.g., confirmation, review, or approval). The printed name of the signer, the date/time/zone, and the signature meaning are also captured in the database. Furthermore, the printed name of the signer, the date/time/zone, and the signature meaning are sequentially added to the Method Custom Report PDF file for each action requiring an electronic signature. In addition to OS and application access controls documented in previous sections, the system enforces electronic signatures by role and workflow rules. Only a user with the appropriate user role and privileges can execute an electronic signature. The signatures are protected in the database so as a direct access to the user name, date/time/zone, and signature meaning in a record is not permitted. The name, date/time/zone, and signature meaning are data in the database and in the Method Custom Report PDF file and are included in display and printout of the record.

11.70 – Signature / record linking

11.70

Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

Users do not have direct access to the database records to which electronic signatures are applied. Furthermore, when an electronic signature is applied, for example to approve a record, the user name, date/time/zone, and meaning are embedded in the signed PDF file, and are thus not available for excision or edit. Handwritten signatures executed to electronic records (hybrid systems) can be easily linked to their respective electronic records. If employed, a handwritten signature executed to a printout from an electronic record can be linked to the unique electronic record by including in the printout the date, time printed, name of person printing report, file name, date/time file creation, unique file identification, location, etc.