Professional Documents
Culture Documents
PHAZIR Rx and
TM
microPHAZIR Rx
Regulatory &
21 CFR Part 11
Compliance Statement
Version 3.1
Page 1 of 16
Page 2 of 16
OQ/PQ Monitor
PHAZIR ™ Data Management PHAZIR™ Setup Utility
Polychromix recommends
Software
Software
performing OQ (according to USP
1119 & EP 2.2.40 with traceable PHAZIR™ Data Management The PHAZIR™ Setup Utility
standards) during the initial Software:
PHAZIR DATA MANAGEMENT SOFTWARE provides tools for the system
qualification, annually, after source
‐ Applies electronic signatures administrator to setup and
exchange, or following any major
‐ Manages data archiving configure users accounts (login ,
maintenance or repair.
‐ Report generation password, and name), access
Performance Qualification (PQ),
‐ LIMS connectivity permissions for the PHAZIR RxTM
using serialized standards, which
and microPHAZIR RxTM, and
are integrated into the PHAZIR Rx™
PHAZIR™ Data Management PHAZIRTM Data Management
and microPHAZIR Rx™, can be
Software allows operators to System (Figure 5).
performed weekly, daily, or prior
21 CFR PART 11
Electronic Records
Electronic Signatures
Compliance Statement
For version 3.1 software
21 CFR Part 11 is divided into 3 Key subparts.
Subpart A—General Provisions
11.1 Scope.
11.2 Implementation.
11.3 Definitions.
Subpart B—Electronic Records
11.10 Controls for closed systems.
11.30 Controls for open systems.
11.50 Signature manifestations.
11.70 Signature/record linking.
Subpart C—Electronic Signatures
11.100 General requirements.
11.200 Electronic signature components and controls.
11.300 Controls for identification codes/passwords.
These sections provide a table which contains the
Note requirements of 21 CFR Part 11, subparts B & C, as well as
the corresponding information regarding of how the
Polychromix PHAZIR Rx™ and microPHAZIR Rx™ can be used
to achieve comprehensive regulatory compliance.
Polychromix PHAZIR Rx™ PACKAGE contains the functionality
Page 5 of 16
and tools required to demonstrate to the FDA that electronic
records and electronic signatures can be generated in
accordance with the 21 CFR Part 11 regulations.
There are parts of the 21 CFR Part 11 regulations that are
solely the responsibility of the owner of the system.
• The terms “system” reference to either PHAZIR Rx or microPHAZIR
Rx NIR analyzers and PHAZIR Tools software packages.
•
21 CFR Part 11 Regulation Text Compliance Implementation
Status
11.10 Persons who use closed systems to The system (PHAZIR RxTM or
create, modify, maintain, or Complies microPHAZIR RxTM)is intended
transmit electronic records shall for use as “closed system”. If
employ procedures and controls the system is operated as an
designed to ensure the authenticity, open system, then the system
integrity, and, when appropriate, owner must implement
the confidentiality of electronic procedures to prevent
records, and to ensure that the unauthorized access to the
signer cannot readily repudiate the system.
signed record as not genuine. Such
procedures and controls shall The system incorporates
include features to ensure
the following: authentication and integrity
of users and data.
11.10 (a) Validation of systems to ensure Complies The system owner must
accuracy, reliability, consistent develop a protocol for the
intended performance, and the validation of the application
ability to discern invalid or altered and processes. Polychromix
records. offers products and services
to assist in the validation
process for the system.
PHAZIR Rx™ and
microPHAZIR RxTM, when used
in conjunction with the
Polychromix IQ/OQ/PQ
System Qualification Package,
provides the tools necessary
to cost and time effectively
Page 6 of 16
qualify t system including
Design Qualification (DQ),
Installation Qualification (IQ),
Operational Qualification
(OQ), and Performance
Qualification (PQ).
Polychromix PHAZIR™ Data
Management software
prevents data from being
deleted and monitors to
ensure that data is not
altered.
11.10 (b) The ability to generate accurate and Complies The system can export data
complete copies of records in both in a comma separated (CSV)
human readable and electronic file format, in addition to the
form suitable for inspection, review, standard encrypted format, in
and copying by the agency. Persons order to present records in a
should contact the agency if there human‐readable form.
are any questions regarding the
ability of the agency to perform Reports are generated using
such review and copying of the HTML templates and can be
electronic records. stored as simple JPEG files.
This widely used format
ensures compatibility with
human readable records.
11.10 (c) Protection of records to enable their Complies All electronic records
accurate and ready retrieval generated by the system can
throughout the records retention be archived on a secure
period. server to facilitate records
retention. It is the
responsibility of the system
owner to develop procedures
to archive and verify the
retrieval of electronics data.
Records can be exported
from the system in a CSV
format which can be
imported into LIMS systems.
The system uses a checksum
to protect against intentional
Page 7 of 16
and accidental data
manipulation.
11.10 (d) Limiting system access to Complies The system provides
authorized individuals. controlled access via the MS
Windows operating system
and the Polychromix software
packages which has an
independent secure login
process which requires User
IDs and passwords (if
required).
Duplicate User IDs are
prohibited.
Configuration and
maintenance of user accounts
is the responsibility of the
system owner.
11.10 (e) Use of secure, computer‐generated, Complies Each time electronic records
time‐stamped audit trails to are generated, information
independently record the date and about these actions are
time of operator entries and actions recorded in an audit trail with
that create, modify, or delete the operator, actions,
electronic records. Record changes date/time, and record
shall not obscure previously checksum.
recorded information. Such audit
trail documentation shall be
retained for a period at least as long
as that required for the subject
electronic records and shall be
available for agency review and
copying.
11.10 (f) Use of operational system checks to Complies Operation of the system is
enforce permitted sequencing of based on PHAZIR Applications
steps and events, as appropriate. which consist of a sequence
of steps and parameters.
Typically these steps would
involve data collection,
processing, evaluation,
archiving, and electronic
records controls. Once
configured, an Application
Page 8 of 16
allows the user to execute an
unchangeable series of step‐
by‐step operations which
eliminate undesirable
variations and reduces the
potential for operator error.
11.10 (g) Use of authority checks to ensure Complies The Polychromix PHAZIR Rx™
that only authorized individuals can software suite provides
use the system, electronically sign a controlled access via the MS
record, access the operation or Windows operating system.
computer system input or output The PHAZIR Rx software
device, alter a record, or perform package controls access with
the operation at hand. secure user ID. User accounts
are controlled by the
PHAZIR™ Setup Utility
Software with defines user
access privileges for all of the
described actions.
11.10 (h) Use of device (e.g., terminal) checks Complies Parameters are selected from
to determine, as appropriate, the pull down select boxes and
validity of the source of data input user input in such as way that
or operational instruction. only validated selections are
available.
Once selected and integrated
into a PHAZIR™ Application,
the operator is not provided
access to change parameters.
PHAZIR™ METHODS can be
stored in a non‐editable and
encrypted format to prevent
accidental or deliberate
manipulation.
11.10 (i) Determination that persons who Complies Training courses are available
develop, maintain, or use electronic at our facility in Wilmington
record/electronic signature systems MA, Internet Training
have the education, training, and courses, and at customer
experience to perform their sites.
assigned tasks.
Polychromix has qualified and
experienced development
Page 9 of 16
and support staff.
Polychromix personnel work
according to internal ISO
9001/2000 SOPs.
11.10 (j) The establishment of, and Complies / The system owner is
adherence to, written policies that User responsible for establishing
hold individuals accountable and Responsibility policies to hold individuals
responsible for actions initiated accountable and responsible
under their electronic signatures, in for actions initiated under
order to deter record and signature their electronic signatures, in
falsification. order to deter record and
signature falsification.
11.10 (k) Use of appropriate controls over Complies All necessary documentation
systems documentation including: is included with each system
delivery.
11.10 (k) (1) Adequate controls over the Complies Polychromix provides
distribution of, access to, and use of documentation for operation
documentation for system and maintenance in both
operation and maintenance. written and digital formats.
Documentation
management and release
procedures are controlled
according to Polychromix’s
ISO 9000 procedures.
Note: It is the responsibility of
the system owner to control
the system documentation.
11.10 (k) (2) Revision and change control Complies Polychromix provides version
procedures to maintain an audit control for software,
trail that documents time‐ firmware, and documentation
sequenced development and that can be incorporated into
modification of systems the system owner’s
documentation. documentation control
system.
Note: It is the responsible of
the system owner to control
system documentation and
change control.
Page 10 of 16
§ 11.30 Controls for open systems.
Page 11 of 16
HTML templates, and
generate reports in JPEG or
PDF formats.
11.50 (a)(2) The date and time when the Complies Time and date stamps are
signature was executed automatically added to the
electronic record.
11.50 (a)(3) The meaning (such as review, Complies The system provides the
approval, ability to define up to four
responsibility, or authorship) signature meanings.
associated with the signature
11.50 (b) The items identified in paragraphs Complies The signature is included in
(a)(1), (a)(2), and (a)(3) of this the human readable and
section shall be subject to the same printable form of the
controls as for electronic records electronic record.
and shall be included as part of any
human readable form of the
electronic record
(Such as electronic display or
printout).
11.70 Signature/record linking.
Electronic signatures and Complies The digital signature is stored
handwritten signatures executed to inside the report and is
electronic records shall be linked to therefore fundamentally
their respective electronic records to linked to the records to which
ensure that the signatures cannot it is related. Signatures
be excised, copied, or otherwise cannot be deleted, modified,
transferred to falsify an electronic or copied.
record by ordinary means.
Records are protected from
illegal or unauthorized
manipulation.
Subpart C—Electronic Signatures
11.100 (a) General requirements. Complies Duplicate user names are
Each electronic signature shall be prohibited.
unique to one individual and shall
not be reused by, or reassigned to,
anyone else.
Page 12 of 16
11.100 (b) Before an organization establishes, Complies The system owner must
assigns, certifies, or otherwise develop and execute
sanctions an individual’s electronic System appropriate procedures to
signature, or any element of such owner’s verify user identities.
electronic signature, the responsibility
organization shall verify the identity
of the individual.
11.100 (c) Persons using electronic signatures Complies The system owner must
shall, prior to or at the time of such develop and execute
use, certify to the agency that the System appropriate procedures
electronic signatures in their owner’s
system, used on or after August 20, responsibility
1997, are intended to be the legally
binding equivalent of traditional
handwritten signatures.
11.100(c)(1) The certification shall be submitted Complies The system owner must
in paper form and signed develop and execute
with a traditional handwritten System appropriate procedures
signature, to the Office of Regional owner’s
Operations (HFC–100), 5600 Fishers responsibility
Lane, Rockville, MD 20857.
11.100(c)(2) Persons using electronic signatures Complies The system owner must
shall, upon agency request, provide develop and execute
additional certification or testimony System appropriate procedures
that a specific electronic signature is owner’s
the legally binding equivalent of the responsibility
signer’s handwritten signature.
11.200 Electronic signature components
and controls.
11.200 (a) (a) Electronic signatures that are N/A PHAZIR Rx™ Software does
not based upon biometrics shall: not support biometric
identification.
11.200 (a)(1) (1) Employ at least two distinct Complies To execute an electronic
identification components such as signature both user id and
an identification code and user password are required.
password. PHAZIR™ Setup Utilities
. require that each user
account be unique.
11.200 (a)(1)(i) (i) When an individual executes a Complies When an individual executes
series of signings during a single, a series of signings during a
Page 13 of 16
continuous period of controlled single, continuous period of
system access, the first signing shall controlled system access, the
be executed using all electronic first signing requires both
signature components; subsequent User ID as well as password
signings shall be executed using at inputs.
least one electronic signature
component that is only executable The system provides a
by, and designed to be used only by, meaning of batch signing a
the individual. series of records using the
PHAZIR™ Data Management
Software.
11.200 (a)(1)(ii) When an individual executes one or Complies Both user ID and password
more signings not performed during are required for non‐
a single, continuous period of continuous access periods.
controlled system access, each
signing shall be executed using all of
the electronic signature components
11.200 (a)(2) Be used only by their genuine Complies / The system owner must
owners; and System Owner develop and execute an
Responsibility appropriate SOP.
11.200 (a)(3) Be administered and executed to Complies / The system owner must
ensure that attempted use of an System Owner develop and execute an
Individual’s electronic signature by Responsibility appropriate SOP.
anyone other than its genuine
owner requires collaboration of two
or more individuals.
11.200 (b) Electronic signatures based upon Not applicable Electronic signatures based
biometrics shall be designed to on biometric devices are not
ensure supported
that they cannot be used by anyone
other than their genuine owners
11.300 Controls for identification
codes/passwords.
Persons who use electronic
signatures based upon use of
identification codes in combination
with passwords shall employ
controls to ensure their security and
integrity. Such controls shall
Page 14 of 16
include:
11.300 (a) Maintaining the uniqueness of Complies The system ensures that user
Each combined identification code ID and password
and password, such that no two combinations are unique.
individuals have the same
combination of identification code
and password.
11.300 (b) Ensuring that identification code Complies The system owner must
and password issuances are develop and execute
periodically checked, recalled, or System Owner appropriate SOPs.
revised (e.g., to cover such events as Responsibility
password aging).
11.300 (c) Following loss management Complies The PHAZIR™ Setup Utility
procedures to electronically provides the ability to disable
deauthorize lost, stolen, missing, or users, and assigns new
otherwise potentially compromised passwords.
tokens, cards, and other devices
that bear or generate
identification code or password
information, and to issue temporary
or permanent replacements using
suitable, rigorous controls.
11.300 (d) Use of transaction safeguards to Complies The system owner must
prevent unauthorized use of develop and execute an
passwords and/or identification System Owner appropriate SOP.
codes, and to detect and report in Responsibility PHAZIR ™ Setup Utilities
an immediate and urgent manner provides a means to
any attempts at their unauthorized automatically lockout a user
use to the system security unit, and, after specific number illegal
as appropriate, to organizational login attempts are exceeded
management.
11.300 (e) Initial and periodic testing of Does not apply The system uses a
devices, such as tokens or cards, combination of user ID and
that password but does not
bear or generate identification code support tokens or cards.
or password information to ensure
that they function properly and
have not been altered
Page 15 of 16
Please forward any questions or comments to the
following:
Polychromix, Inc.
30 Upton Drive
Wilmington, MA 01887
P: 978.284.6000
F: 978.284.6060
sales@polychromix.com
Page 16 of 16