Professional Documents
Culture Documents
Customer and Supplier Roles and Responsibilities for Assessment of METTLER TOLEDO
STARe Software Version V9.01, including:
- 21 CFR 11 Compliance software option and
- Install Plus software option
for Compliance with the Requirements of 21 CFR Part 11 Regulations
(Electronic Records and Electronic Signatures Final Rule)
21CFR11FAQSTAREv901.doc
1 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Technical controls
(Supplier responsibility)
Software designed to be
compliant
Procedural controls
(User responsibility)
Administrative controls
(User responsibility)
21 CFR 11 Requirements
defined in the regulations
Figure 1: A compliant system requires 3 elements: one from the supplier and two from the user
21CFR11FAQSTAREv901.doc
2 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
The reference number (Ref. No.) index on page 5 21 is based on the following
table:
21 CFR Part 11 (Electronic Records; Electronic Signatures)
http://www.fda.gov
Sec.
Subpart A General Provisions
11.1
Scope.
11.2
Implementation.
11.3
Definitions.
Subpart B Electronic Records
11.10 Controls for closed systems.
11.30 Controls for open systems.
11.50 Signature manifestation.
11.70 Signature/record linking.
Subpart C Electronic Signatures
11.100 General requirements.
11.200 Electronic signature components and controls.
11.300 Controls for identification codes/passwords.
21CFR11FAQSTAREv901.doc
3 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
21CFR11FAQSTAREv901.doc
4 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Control
Responsible
Comments
P&A
Customer
P&A
Supplier
11.10(a) / 2
P&A
Customer
11.10(a) / 3
P&A
Supplier
21CFR11FAQSTAREv901.doc
5 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
11.10(a) / 4
Control
Responsible
Comments
P&A
Customer
P&A
Supplier
21CFR11FAQSTAREv901.doc
6 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Tech
Supplier
P&A
Customer
Tech
Supplier
Yes, paper copies are possible and electronic copies (in PDF
format) are possible.
11.10(b) / 4
21CFR11FAQSTAREv901.doc
7 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
P&A
Customer
11.10(c) / 6
P&A
Customer
11.10(c) / 7
P&A
Customer
11.10(c) / 8
P&A
Tech
Customer
Supplier
11.10(c) / 9
Tech
Supplier
11.10(c) / 10
Tech,
P&A
Supplier,
Customer
11.10(c) / 11
Tech
Supplier
11.10(c) / 12
Tech
Supplier
11.10(c) / 13
Tech
P&A
Supplier
Customer
The data can be recreated from the backup. Data created after
the last backup is usually lost (e.g. hard disk failure).
11.10(c) / 14
P&A
Customer
21CFR11FAQSTAREv901.doc
8 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
11.10(c) / 15
Control
Responsible
P&A
Customer
21CFR11FAQSTAREv901.doc
9 of 24
Comments
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Security [11.10(d)]:
Limiting system access to authorized individuals.
11.10(d) / 16
P&A
Customer
11.10(d) / 17
Tech
Supplier
P&A
Customer
11.10(d) / 18
Tech
Supplier
11.10(d) / 19
P&A
Tech
Customer
Supplier
11.10(d) / 20
P&A
Customer
11.10(d) / 21
Tech
P&A
Supplier
Customer
11.10(d) / 22
Tech
Supplier
11.10(d) / 23
Tech
P&A
Supplier
Customer
11.10(d) / 24
P&A
Customer
21CFR11FAQSTAREv901.doc
10 of 24
Yes, the system has two safety levels. Only users with a
Windows and a STARe account can access the STARe
software.
The STARe system has its own session lock system that is
password-protected.
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Tech
Supplier
11.10(e) / 26
Tech
Supplier
Yes
11.10(e) / 27
Tech
Supplier
Yes
11.10(e) / 28
P&A
Customer
11.10(e) / 29
Tech
Supplier
Yes, the operator identity (user ID) is given by the unique user
name.
11.10(e) / 30
Tech
Supplier
11.10(e) / 31
Tech
Supplier
Yes
11.10(e) / 32
Tech
Supplier
Yes
11.10(e) / 33
Tech
Supplier
Yes
11.10(e) / 34
Tech
Supplier
Yes
21CFR11FAQSTAREv901.doc
11 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
11.10(e) / 35
Tech
Supplier
Yes
11.10(e) / 36
Tech
Supplier
Yes
11.10(e) / 37
Tech
Supplier
11.10(e) / 38
Tech
Supplier
Yes. The audit trail is also stored in the database and therefore
part of the backup.
P&A
Customer
11.10(e) / 39
Tech
Supplier
11.10(e) / 40
Tech
P&A
Supplier
Customer
Yes
11.10(e) / 41
Tech
Supplier
11.10(e) / 42
Tech
Supplier
Yes
Tech
Supplier
21CFR11FAQSTAREv901.doc
12 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Tech
Supplier
11.10(g) / 45
Tech
Supplier
Yes
11.10(g) / 46
Tech
Supplier
11.10(g) / 47
P&A
Customer
11.10(g) / 48
Tech
Supplier
P&A
Customer
Yes. You can only access the database via the STARe
software. The STARe software allows only certain predefined
transactions to be performed.
Tech
Supplier
11.10(h) / 50
Tech
Supplier
21CFR11FAQSTAREv901.doc
13 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
P&A
Supplier
11.10(i) / 52
P&A
Supplier
11.10(i) / 53
P&A
Customer
11.10(i) / 54
P&A
Customer
P&A
Customer
21CFR11FAQSTAREv901.doc
14 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
P&A
Customer
11.10(k) / 57
P&A
Customer
11.10(k) / 58
P&A
Customer
11.10(k) / 59
P&A
Supplier
Customer
21CFR11FAQSTAREv901.doc
15 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Tech
Supplier
Yes
P&A
Customer
Tech
Supplier
P&A
Customer
Tech
Supplier
P&A
Customer
11.50(a) / 2
11.50(a) / 3
21CFR11FAQSTAREv901.doc
16 of 24
Yes
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Tech
Supplier
Yes
P&A
Customer
Tech
Supplier
11.50(b) / 5
21CFR11FAQSTAREv901.doc
17 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Yes
Tech
Supplier
11.70 / 2
P&A
Customer
11.70 / 3
Tech
Supplier
Yes
11.70 / 4
Tech
Supplier
Yes.
P&A
Customer
21CFR11FAQSTAREv901.doc
18 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Tech
Supplier
P&A
Customer
Tech
P&A
Supplier
Customer
P&A
Tech
Customer
Supplier
11.100 (a) / 2
21CFR11FAQSTAREv901.doc
19 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
P&A
Customer
11.100 (c) / 5
P&A
Customer
21CFR11FAQSTAREv901.doc
20 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Tech
Supplier
21CFR11FAQSTAREv901.doc
21 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
11.200 (a) / 2
Tech
Supplier
11.200 (a) / 3
Tech
Supplier
11.200 (a) / 4
P&A
Customer
11.200 (a) / 5
Tech
Supplier
Yes
11.300 (a) / 1
Tech
Supplier
11.300 (a) / 2
P&A
Customer
Tech
Supplier
21CFR11FAQSTAREv901.doc
22 of 24
Yes
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
P&A
Customer
11.300 (b) / 4
Tech
Customer
Supplier
11.300 (b) / 5
Tech
Supplier
Yes
Tech
Supplier
P&A
Customer
Tech
Supplier
P&A
Customer
P&A
Customer
11.300 (c) / 7
11.300 (c) / 8
21CFR11FAQSTAREv901.doc
23 of 24
27.02.2006
CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT
Ref. No.
Control
Responsible
Comments
Tech
Supplier
11.300 (d) / 10
Tech
Supplier
P&A
Customer
Tech
Supplier
21CFR11FAQSTAREv901.doc
24 of 24
The STARe software does not support the use of tokens and
devices to generate identification codes or password
information.
27.02.2006