Industries > FDA 21 CFR Part 11

MeasurLink offers support of the FDA 21 CFR Part 11 specification for Electronic Data Storage and Signatures with enhanced logon security, profiles and audit trails as follows:
 
Function No. Function Description Mandatory/Desirable Requirement Location/Explanation of Function Documentation
F1 Operational Requirements    
F1-1 Require that a program be provided for the evaluation of measured values and the statistical process control, using different measuring devices to obtain the measured values. Mandatory This is basic functionality in MeasurLink Real-Time, which is an SPC data collection software.
F1-2 Evaluations require to be immediately updated after change in the set data. Mandatory This is basic functionality in the MeasurLink Real-Time data collection software.
F1-3 The program should be based on a special data structure, which guarantees a high degree of data security. Mandatory The relational database used for MeasurLink® applications is developed using SQL Server Database Management System and is based on a unique data structure. Data integrity is ensured through SQL transaction processing.
F1-4 Produce various types of definitive reports. Mandatory MeasurLink Real-Time data collection software provides various reporting options with customizable features.
F2 Security & Password Confidentiality    
F2-1 Add/modify/delete User profiles Mandatory The MeasurLink Security Center, available with all MeasurLink applications, has been designed to comply with the 21 CFR Part 11 ruling of the FDA.
F2-2 Assign Users to User profiles Mandatory The MeasurLink Security Center, available with all MeasurLink applications, has been designed to comply with the 21 CFR Part 11 ruling of the FDA.
F2-3 Add/modify/delete Users Mandatory The MeasurLink Security Center, available with all MeasurLink applications, has been designed to comply with the 21 CFR Part 11 ruling of the FDA.
F2-4 Unique User ID & password combination to gain access. Mandatory A user must have an assigned, unique User ID, a valid password, and proper authority to gain access to any MeasurLink application.
F2-5 Auto-logoff after a period of 10 mins. Mandatory An idle time-out period may be set for each user individually.
F2-6 Passwords must not be displayed on the screen as they are entered. Mandatory Passwords are never displayed on the screen.
F2-7 Passwords must always be encrypted when held in storage for any significant period of time or when transmitted across the network. One-time passwords are accepted. Mandatory Passwords are stored in an encrypted format.
F2-8 Passwords must never be embedded in sign-on utilities. For example, an unauthorized user must never be able to authenticate at sign-on merely by using a function key or by running an available program. Mandatory No embedded sign-on functionality has been introduced to any of the MeasurLink applications. User passwords must be successfully entered manually at the Log In prompt to gain access to a MeasurLink application.
F2-9 Passwords must never be hard-coded in source code, command files, scripts or installation kits. Mandatory No passwords are hard-coded or stored in a plain text format.
F2-10 Passwords must have a minimum length of six (6) characters. Mandatory A minimum password length can be established.
F2-11 Passwords must be changed at least every ninety (90) days. System should prompt the User to change the password. Mandatory A password expiration period can be established.
F2-12 Temporary and initial passwords must be marked as expired, and the user must be required to change the password at the first use. Mandatory MeasurLink Security requires all initial and temporary passwords to be changed by a user the first time a log on is attempted. Initial and temporary passwords cannot be used to access a MeasurLink Application.
F2-13 User-chosen passwords must not be reused for five (5) iterations. Mandatory Restrictions on reuse of passwords can be established.
F2-14 Proper proof of identification must be provided before changing a password. Mandatory Proper proof of identification must be provided in the form of the unique User ID and a password before a Login or password change is allowed.
F2-15 If a resigning or terminated staff member was responsible for system administration, all relevant passwords must be changed immediately. Mandatory Someone with proper authority can change a password for any user at any time. Additionally, users can be placed in an inactive state, which restricts all access to the software.
F3 Audit Trails    
F3-1 Person Responsible Mandatory MeasurLink supports audit trails for the following:
  • Module login/logout
  • Data entry
  • Edit/deletion of:
    • Runs
    • Measurement data
    • Traceability tags
    • Assignable Cause/Corrective Action tags
    • Serial Number tags
    • Note tags
    • Part details
    • Routine details
    • Traceability List details
    • Assignable Cause details
Information regarding the person responsible for the above actions is available through a series of report templates provided by MeasurLink.
F3-2 Date and time stamp Mandatory MeasurLink supports audit trails for the following:
  • Module login/logout
  • Data entry
  • Edit/deletion of:
    • Runs
    • Measurement data
    • Traceability tags
    • Assignable Cause/Corrective Action tags
    • Serial Number tags
    • Note tags
    • Part details
    • Routine details
    • Traceability List details
    • Assignable Cause details
Information regarding the person responsible for the above actions is available through a series of report templates provided by MeasurLink.
F3-3 User action/entry (e.g. logging in/out, creating, modifying and deleting records). Mandatory MeasurLink supports audit trails for the following:
  • Module login/logout
  • Data entry
  • Edit/deletion of:
    • Runs
    • Measurement data
    • Traceability tags
    • Assignable Cause/Corrective Action tags
    • Serial Number tags
    • Note tags
    • Part details
    • Routine details
    • Traceability List details
    • Assignable Cause details
Information regarding the person responsible for the above actions is available through a series of report templates provided by MeasurLink.
F4 Backup    
F4-1 System allows backup & restore of electronic data Mandatory The relational database used for MeasurLink® applications is developed using SQL Server and can be maintained on a network server. This relational database can work directly with a multi-user Client/Server database system (purchased separately by the user) and can be archived and restored via the host database management system.
F4-2 Backup can be setup to occur automatically Mandatory The relational database used for MeasurLink® applications is developed using SQL Server and can be maintained on a network server. This relational database can work directly with a multi-user Client/Server database system (purchased separately by the user) and can be archived and restored via the host database management system.
F5 Data Integrity    
F5-1 System has ability to detect/prevent alteration of electronic data. Mandatory The relational database used for MeasurLink® applications is developed using SQL Server and can be maintained on a network server. SQL Server requires specific authorization outside of the MeasurLink software. This authorization controls the ability of all users to access data from external sources.
F5-2 Complete copies of data can be produced. Mandatory Simple data export functions are available in all MeasurLink® data collection applications and MeasurLink® Process Analyzer. All MeasurLink® applications have report functions capable of producing SPC charting and data analysis.
F6 Electronic Signature    
F6-1 The User will be required to approve & sign-off on quality critical records electronically to prevent accidental or deliberate record and signature falsification. Mandatory Each authorized user will have a unique e-signature based on their User ID and password.
F6-2 The e-sign will be unique to one individual. Mandatory Each authorized user will have a unique e-signature based on their User ID and password.
F6-3 The e-sign will be based on 2 distinct components. Mandatory Each authorized user will have a unique e-signature base on their User ID and password. The authorized user is also required to provide a comment regarding the signature.
F6-4 During a continuous session the password is executed at each signing. Mandatory Every application of an e-signature requires password verification.

Contact MeasurLink support if you need information about previous versions of the software.