Tuesday, August 26, 2014

ITME FDA 21 CFR Part 11 Features

The InTouch Machine Edition (ITME) has built-in functionality to create 21 CFR part 11 compliant projects with traceability and e-signatures. These features are often used for pharmaceutical and food applications, but can be used for any application where traceability is a requirement. 
.Image source: expertbriefings.com
The 21 CFR Part 11 regulations from the Food and Drug Administration (FDA) sets forth the criteria under which the agency considers electronic records and electronic signatures to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.

This post lists describes enhancements and other features that allow users to easily configure applications in conformance with the 21 CFR Part 11 regulation, using ITME as an engineering and runtime tool, and using ITME Embedded  Standard and Embedded  Compact as a runtime program for Windows Embedded standard and Windows Embedded Compact respectively.
General Comments:
The software (HMI) cannot state that it complies with FDA Part 11. The software shall provide the necessary tools to allow a user to create a system (application) that is compliant with FDA Part 11.
The HMI should not “force” the user to build an application that is compliant with FDA Part 11. FDA Part 11 compliance is optional during application development.
An Electronic Record is any data that can be saved as electronic media and retrieved later.
An Electronic Signature is a specific type of Electronic Record that contains the following information:
  • Timestamp
  • User name
  • Meaning of the signature
A Digital Signature is a specific type of Electronic Signature, in which the data is encrypted.
An Open System (such as the World Wide Web or Web) requires encryption for electronic reports and for the Electronic Signature (Digital Signature).
Electronic records are associated with events (such as tag changes, load recipes, and so forth), whether the user triggered the event or not. Electronic signatures are associated with actions triggered by the user (such as pressing a button, changing a slider, entering a set-point manually, and so forth).
Electronic Records (Event Logger, Alarms, Reports)
The Part 11 rule does not mention whether the electronic records must be stored in a standard database (such as SQL Server, etc.) or in a proprietary format. When you use a standard database, the responsibility for guaranteeing the confidentiality of the database relies on the database itself (such as password protected databases). ITME has direct interfaces to databases for Alarms, Events, Trend and Grid objects through ADO, OLE DB or ODBC.
Electronic Signatures (Security System)
The system administrator must be able to access the user account settings to create new accounts, lockout users, and de-authorize them. These changes must be logged, even if the runtime is not running. 
Nobody (not even the System Administrator) can have access to the password of any user.
ITME Functions Related to FDA 21 CFR Part 11
This section lists  the ITME functions (Security System Functions) associated with the features above.
  • BlockUser(strUserName)
  • CreateUser(strUserName, strGroupName, strPassword)
  • GetUserNames (strUsers nUserType strGroups)
  • GetUserState(strUserName)
  • RemoveUser(strUserName)
  • SetPassword(strUserName, strOptionalNewPassword)
  • UnblockUser(strUserName)