Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.
As has been shown in section 11.10(d), the user ID is not reusable by deletion/recreation, overwrite or other means. The system does not accept redundant user IDs. User IDs can be inactivated and reactivated but cannot be deleted. The common name of the user is linked to the user ID. Access control changes under the admin menu are recorded in a log that the application admin cannot change.
Electronic signatures shall employ at least two distinct components such as an identification code and password.
When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
As has been shown in section 11.10(d), the electronic signatures employ two distinct components such as user ID and password. The first signing of a continuous session requires a user ID and password, whereas all subsequent signings require only a password. The first and all subsequent executions of an electronic signature use the password applied to a pop-up signature box with the user ID employed. The printed user name of the logged-in user is also displayed in the application window. Only the logged-in user may apply an electronic signature.
Electronic signatures shall be used only by their genuine owners.
No two users can have the same username and password. The system does not accept redundant user IDs. The passwords (one of the two components of electronic signatures) cannot be viewed by anyone, including the admin at both operating system and application level. Admin changes to passwords are logged (the action, not the password).
Electronic signatures shall be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
Use of an individual’s electronic signature would require collaboration of two or more individuals. Either the user would have to provide the password to another user, or the overall system admin would have to collaborate with the system/user configuration admin to ignore repeated changes to a user password in a short period. In the latter case, the admin log would persist in spite of the collaboration. Also refer to sections 11.10(d) and 11.200(a)(2).
Identification codes/passwords controls shall include maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.
User IDs are unique; they cannot be deleted or duplicated. If a user ID has been inactivated, it can be reactivated. These actions are audit trailed. Admin actions are logged. Also see section 11.10(d).
Identification codes/passwords controls shall include ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
The application password expiration interval is configurable. Reuse of any of the last 10 passwords is not allowed. Minimum application password length is configurable. The number of failed login attempts allowed before system lockout, and/or a set lockout interval, is configurable. The Complexity setting enforces the use of both numbers and letters, thus excluding common words. Also see section 11.10(d).
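The password controls listed above (expiration interval, 10-password history, minimum length, letters-plus-digits complexity) can be expressed as the following added example, which is not the vendor's code. The class names, the default values and the choice of PBKDF2 are assumptions, and the current password is counted as one of the last 10.

```python
import hashlib
import hmac
import os
from datetime import timedelta

HISTORY_DEPTH = 10  # from the text: the last 10 passwords cannot be reused


class PasswordPolicy:
    """Configurable settings; the default values here are assumptions."""

    def __init__(self, min_length=8, max_age_days=90, kdf_iterations=600_000):
        self.min_length = min_length
        self.max_age = timedelta(days=max_age_days)
        self.kdf_iterations = kdf_iterations

    def derive(self, password, salt):
        # Only salted PBKDF2 digests are stored, never the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.kdf_iterations)

    def violations(self, candidate, history):
        """Return the rules `candidate` breaks; history is [(salt, digest), ...]."""
        problems = []
        if len(candidate) < self.min_length:
            problems.append("too short")
        if not (any(c.isalpha() for c in candidate) and any(c.isdigit() for c in candidate)):
            problems.append("needs letters and digits")
        # Each old digest has its own salt, so the candidate is re-derived per entry.
        if any(hmac.compare_digest(self.derive(candidate, s), d)
               for s, d in history[-HISTORY_DEPTH:]):
            problems.append("reused")
        return problems


class Account:
    """Hypothetical account record holding the password history."""

    def __init__(self, policy):
        self.policy, self.history, self.changed_at = policy, [], None

    def set_password(self, candidate, now):
        problems = self.policy.violations(candidate, self.history)
        if not problems:
            salt = os.urandom(16)
            self.history.append((salt, self.policy.derive(candidate, salt)))
            del self.history[:-HISTORY_DEPTH]  # keep only the newest 10 entries
            self.changed_at = now
        return problems

    def is_expired(self, now):
        return self.changed_at is None or now - self.changed_at >= self.policy.max_age
```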
Identification codes/passwords controls shall include use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.
The application can be configured to automatically lock out a user ID after a specified number of failed login attempts. The same functionality applies to electronic signature passwords. The application can be configured to send an email to a designated party for each failed login attempt. Also see sections 11.10(d) and 11.300(b).
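The lockout and notification behavior above, combined with the signing rule described earlier (user ID and password for the first signing of a continuous session, password alone afterwards), as an added example that is not the vendor's code. `SignatureGate`, the `verify` and `notify` hooks and the threshold of 3 are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class SignatureGate:
    verify: Callable[[str, str], bool]   # hypothetical credential check
    notify: Callable[[str], None]        # hypothetical alert hook, e.g. an e-mail sender
    max_failures: int = 3                # configurable lockout threshold (assumed value)
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)
    session_user: Optional[str] = None   # set once a full two-component signing succeeds

    def end_session(self):
        # Logout or timeout ends the continuous period of controlled access.
        self.session_user = None

    def sign(self, record, password, user_id=None):
        if self.session_user is None:
            # First signing, or signing outside a session: both components required.
            if user_id is None:
                return "rejected: user ID and password required"
            signer = user_id
        else:
            # Subsequent signing: password alone, and only for the logged-in user.
            if user_id is not None and user_id != self.session_user:
                return "rejected: only the logged-in user may sign"
            signer = self.session_user
        if signer in self.locked:
            return "rejected: account locked"
        if not self.verify(signer, password):
            count = self.failures[signer] = self.failures.get(signer, 0) + 1
            # Every failed attempt is reported, not only the one that triggers lockout.
            self.notify(f"failed signature attempt {count} for {signer} on {record}")
            if count >= self.max_failures:
                self.locked.add(signer)
                self.session_user = None
            return "rejected: bad credentials"
        self.failures[signer] = 0
        self.session_user = signer
        return f"signed: {record} by {signer}"
```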
Identification codes/passwords controls shall include initial and periodic testing of devices that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.
The identifying code (serial number, instrument ID, assigned instrument name, etc. as configured by the system admin) of the data acquisition instrument is compared to the method instrument specification for each use as a condition for acquiring data. This instrument identification is present in the database record of each data acquisition. Access to servers to store data employs the same identification and password controls as for users, as shown in section 11.10(d). Thus, functionality is verified at each use, and changes are logged.