Transcript
www.tutelamedical.com
Tutela Systems Medical Monitoring and Recording Services FDA code 21 CFR part 11 Compliance White Paper 7th November 2011
Commercial in confidence – Copyright © Next Control Systems 2011. All rights reserved
www.tutelamedical.com
FDA Code 21 CRF part 11 compliance Tutela is a truly “paperless” medical monitoring and recording service. All electronic records are fully FDA 21 CFR part 11 compliant and securely stored on mirrored servers in two different geographical locations for up to 30 years. The service Tutela fully meets the exacting requirements of the FDA code which includes the use of unique electronic signatures specifically linked to operator names that are fully traceable. In addition our IT servers and databases are regulated and managed through the Company’s ISO9001:2008 quality management system. FDA 21 CFR part 11 specifically regulates the secure creation, storage and management of electronic temperature records under a strict electronic signature policy that is the gold standard for data compliance in the field of medical monitoring systems. Through our rigorous data security protocols, coupled with our 24/7 global data access via web-browser interfaces; our customers enjoy unprecedented data security, access and control of their medical monitoring processes. Whenever electronic records are generated the importance of protecting the integrity, security and traceability of the records is critical to any business operating in a medical regulatory environment. Since the publication by the FDA of 21 CFR part 11 code, electronic records and signatures can now be assumed to be equivalent to paper records and hand written signatures. Due to the nature of the Tutela remote monitoring service, compliance with code 21 CFR part 11 is easily achieved as fundamentally all data records are stored and maintained securely at an off site ‘cloud’ location where system access to the records is securely managed. Naturally the FDA code 21 CFR part 11 and subsequent issues of guidelines are open to interpretation. However, the key intention and requirements of this code are very clear. This white paper is intended to assist our existing and potential Tutela medical monitoring systems customers to satisfy themselves that the systems installed in their facilities are fully compliant with the FDA code.
2
Commercial in confidence – Copyright © Next Control Systems 2011. All rights reserved
www.tutelamedical.com
CODE Ref. 11.10a
FDA REQUIREMENTS
TUTELA COMPLIANCE
Validation of system to ensure accuracy, reliability consistent intended performance and the ability to discern invalid or altered records.
The Next ‘Tutela’ system is regularly validated by independent consultants under the Company’s ISO 9001:2008 quality management system. Validation documentation for the Tutela web-based application software is provided to our customers on their private electronic PDF document library.
11.10b
The ability to generate accurate and complete copies of records in both human and machine readable and electronic form suitable for inspection, review, and copying by the agency.
All data is accessible by the agency on the issuing of an electronic password and signature on the direct authority of our customer.
11.11c
Protection of records to enable the accurate and ready retrieval throughout the records retention period.
Tutela Systems operate a robust data backup and retention procedure under our ISO 9001:2008 quality management system. Data is stored in internationally supported SQL database structures that have a future proof migration path. All Tutela electronic data records are mirrored and stored in two separate geographical loactioins for up to 30 years.
11.10d
Limiting system access to authorized individuals.
Access to all records is strictly by electronic signature (user ID name and unique password). It is the customer’s responsibility to manage the usage of issued electronic signatures.
11.10e
Use of secure computer-generated time-stamped audit trails to independently record the date and time of operator entries and actions that create modify or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail
As the data is recorded and hosted off site the opportunity for operators to modify data is eliminated. In cases where the customer is permitted under their electronic signature to change settings, then this activity is electronically
3
Commercial in confidence – Copyright © Next Control Systems 2011. All rights reserved
www.tutelamedical.com
documentation shall be retained for a
recorded and retained for subsquent
period of at least as long as that required for the subject of electronic records and shall be available for agency review and copying.
audit purposes. Operators are no permitted to delete or modify created records. They are only permited to append information to existing records. The date and time and name of any operator activity is logged in the system for subsequent audit purposes.
11.10f
Use of operational system checks to enforce permitted sequencing of steps and events as appropriate.
Electronic audit report entry forces operators to enter information in a strict logical sequence. 1. 2. 3. 4.
Problem identified Action being taken Problem resolution Supervisor check and sign off
11.10g
Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation by hand.
As the data is recorded and hosted off site the ability for customers to modify data is eliminated. It is the customer’s responsibility to ensure that the use of unique electronic signatures are appropriately managed and cannot be abused.
11.10h
Use of device (e.g. terminal) checks to determine, as appropriate, the validity of source of data input or operational instruction.
When a user logs into the remote system the electronic name and access password they are automatically validated against a central rights and permissions table to ensure that the unique customer operator is permitted to access the appropriate level.
11.10i
Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training and experience to perform their assigned tasks.
Next Control Systems responsibility is managed through their ISO9001:2008 quality management system. It is up to the customer to regulate the qualification of their operators.
4
Commercial in confidence – Copyright © Next Control Systems 2011. All rights reserved
www.tutelamedical.com
11.10j.1
Establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.
As all records are created and hosted off site by Tutela Systems, the incidence of record falsification cannot arise. It is the customer’s responsibility to ensure that the use of unique electronic signatures are apropriately managed and cannot be abused.
11.10k.2
Use of appropriate controls over systems documentation including: Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.
Next Control Systems documentation is fully revision controlled and is regularly audited through our ISO 9001:2008 quality management system.
11.30
Controls for open systems.
Not applicable
11.50a 1-3
Signed electronic records shall contain information associated with the signing that clearly indicates all the following: 1 The printed name of the signer. 2 The date and time when the signature was executed. 3 The meaning (such as review, approval responsibility, or authorship) associated with the signature.
Each electronic signature is time and date stamped with the name of the individual who carried out the activity. The meaning of each signature is implicit from the record to which it is associated.
11.50b
The items identified in paragraphs a.1,a.2, and a.3 of section 11.50 shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout)
Electronic signature data is recorded, ordered and managed by Tutela Systems in an identical manner to all other electronic data records.
11.70
Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
As all records are securely hosted off site by Tutela Systems the incidence of record falsification cannot arise.
5
Commercial in confidence – Copyright © Next Control Systems 2011. All rights reserved
www.tutelamedical.com
11.100a
Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.
The system maintains and manages unique usernames and passwords (electronic signatures) which cannot be duplicated. It is the customer’s responsibility to ensure that the use of unique electronic signatures are managed and cannot be abused.
11.100b
Before an organization establishes, assigns, certifies, or otherwise sanctions an individual’s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.
Tutela Systems have no control over this aspect of the code. It is the customer’s responsibility to establish appropriate employee vetting policies.
11.100c 1-2
Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that electronic signatures in their system………………………
It is the customer’s responsibility to notify the FDA in writing of their intention of using electronic signatures.
11.200a.1
Electronic signatures that are not based upon biometrics shall employ at least two distinct identification components such as an identification code and password.
The Tutela system requires both unique user identification name and unique password (electronic signature) for identification.
11.200a.1.ii
When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all electronic signature components.
Where signing is applicable, multiple signings during a continuous access period are not permitted. Each signing requires the entry of the operator’s user identification name and password.
11.200a.2
Electronic signatures that are not based upon biometrics shall: Be used only by their genuine owners; and……….
It is the customer’s responsibility to order and manage the use of unique electronic signatures and to ensure that such signatures are not passed on from operator to operator.
11.200a.3
Electronic signatures that are not based upon biometrics shall: Be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
It is the customer’s responsibility to manage the use/misuse of unique electronic signatures. Each operator login session is provided with an inactivity timeout to prevent unauthorised
6
Commercial in confidence – Copyright © Next Control Systems 2011. All rights reserved
www.tutelamedical.com
usage due to the previous operator failing to log out. 11.200b
Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.
This is not applicable to the Tutela system as biometric signatures are not supported.
11.300a
Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: a. Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.
The Tutela systems server database utilizes password and user ID authentication protocols that do not permit duplication. Once and access password or electronic PIN code ahs expired in the system if can never be used again.
11.300b
Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging)
The system allows for the setting of an optional timeout period for each electronic signature at which point access is denied until a new signature has been issued.
11.300c
Following loss management procedures to electronically de-authorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable rigorous controls.
This does not apply to the Tutela system as there are no devices utilized that bear or generate identification codes or password information.
11.300d
Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.
It is the customer’s responsibility to manage the use/misuse of unique electronic signatures. As all the electronic data is recorded and securely hosted off site, it is not possible for individuals to gain access to the data other than through fraudulent misuse of a unique electronic signature. In this case the information is strictly read only as the ability to modify electronic temperature records is not
7
Commercial in confidence – Copyright © Next Control Systems 2011. All rights reserved
www.tutelamedical.com
available. 11.300e
Initial and periodic testing of devices, such as tokens or cards, that bears or generates identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner
This does not apply to the Tutela system as there are no devices utilized that bear or generate identification codes or password information.
8
Commercial in confidence – Copyright © Next Control Systems 2011. All rights reserved
