|
|
|
|
Where appropriate, a more detailed explanation of the compliant function can be obtained from the detailed system documentation that accompanies the software. TQTECH IS CLASSIFIED as a " Closed System" Ref 11.3(b)-4, 9The agency’s definition of closed system states ``an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.'' The electronic signature method that this system uses: Identification code / passwordVALIDATION The system may be validated in accordance with applicable regulatory requirements to ensure the following: Accuracy 11.10(a)-1 .Reliability 11.10 (a)-2 Consistent intended performance 11.10 (a)-3 Ability to discern invalid or altered records 11.10 (a)-4 INSPECTION The system may be used to: Generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the regulating authority 11.10 (b) Protect records to enable their accurate and ready retrieval throughout the records retention period. 11.10 (c) SECURITY System security includes: System access limited to authorized individuals. 11.10(d) Operational system checks enforce the proper sequencing of steps in a process 11.10(f) Authority checks shall ensure that only authorized individuals can Use the system. 11.10(g)-1 Electronically sign a record 11.10(g)-2 Access the operation or computer system input or output device 11.10(g)-3 Alter a record 11.10(g)-4 Perform the specified operation 11.10(g)-5 AUDIT TRAILS TQTECH controls audit trails to: Be secure. 11.10(e)-1 Be computer-generated 11.10(e)-2 Be time- and date-stamped 11.10(e)-3 Independently record the date/time of operator entries and actions that create electronic records 11.10(e)-4 Modify electronic records 11.10(e)-5 Delete electronic records 11.10(e)-7 Ensure that changes to electronic records shall not obscure previously recorded information 11.10(e)-8 Ensure that audit trail records shall be maintained for at least as long as the retention of the underlying records 11.10(e)-9 Ensure that audit trail records shall be available for FDA review and copying 11.10(e)-10 11.50: SIGNATURE MANIFESTATIONS Signed electronic records contain information associated with the signing that clearly indicates all of the following: The printed name of the signer. 11.50 (a)(1) The date and time when the signature was executed. 11.50 (a)(2) The meaning of the signature. 11.50 (a)(3) Subject to the same controls as for electronic records. 11.50 (b)(1) Included as part of any human readable form of the electronic record (such as electronic display and/or printout or report). 11.50 (b)(2) 11.70: SIGNATURE/RECORD LINKING Electronic signatures, and handwritten signatures executed to electronic records, are linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means 11.70 11.100: GENERAL REQUIREMENTS FOR ELECTRONIC SIGNATURES Each electronic signature is unique to one individual and cannot be reused by, or reassigned to any other. 11.100 (a) 11.200: ELECTRONIC SIGNATURE COMPONENTS AND CONTROLS TQTECH security employs at least 2 distinct identification components such as an identification code and password When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing is executed using all electronic signature components. Subsequent signings are executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing necessitates using all of the electronic signature components. TQTECHsecurity is administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other that its genuine owner requires collaboration of two or more individuals .11.300: CONTROLS FOR IDENTIFICATION CODES/PASSWORDS TQTECH security ensures persons who use electronic signatures based upon use of identification codes in combination with passwords employ controls to ensure their security and integrity, including The combination of identification code and password shall be unique. 11.300(a) Identification code and password issuance shall be periodically checked, recalled, or revised (e.g., to cover such events as password aging). 11.300(b) Electronically de-authorize devices which have been lost, stolen, or potentially compromised. 11.300(c)-1 Issue temporary or permanent replacements using suitable, rigorous controls 11.300(c)-1 Transaction safeguards are implemented to :Prevent unauthorized use of identification codes and passwords 11.300(d)-1 Detect any attempt at unauthorized use of identification codes and/or passwords 11.300(d)-2 Report (log) any attempt at unauthorized use of identification codes and passwords to the system security unit, and, as appropriate, organisational management. 11.300(d)-3.
|
