PDQuest 2-D Analysis Software

Title 21 Code of Federal Regulations (CFR) Part 11 — Electronic Records; Electronic Signatures from the United States' Food and Drug Administration (FDA) provides a standard for regulated companies for data security and integrity, electronic records, and electronic signatures. The regulation is mandatory for the pharmaceutical and biotechnology industry because the regulation affects all drug and pharmaceutical products intended for the US market.

The CFR compliance features are available as optional modules in Quantity One analysis software and PDQuest 2-D analysis software.

System Access

To provide the security required for compliance with the 21 CFR Part 11 regulations, the software's security model is layered on top on the Microsoft Windows operating system (2000 or XP Professional) security functions.

The operating system has to be properly configured; otherwise the system will not be secure and therefore will not be in compliance. The access control of the application includes the following features, based on the Windows domain/workstation:

• A log-in screen before the application starts
• Global audit entry for security, failed log-in, time out, signatures
• Automatic timing out of inactive user after a certain time
• Display of logged-in user in application window title
• Allows user groups with different access levels

The access control allows different user groups and different levels of authority:

• Administrator — system administration and full application access
• User — full application access
• Technician — only image acquisition and spot cutting
• Guest — only viewer mode

Data Security

The accuracy of the electronic copy is confirmed using a secure checksum in Quantity One software. These features are provided to ensure protection of records:

• The original raw data is saved in a backup file; this backup file is read-only and cannot be modified
• The data will be saved with the user security of the signed-in user; this will prevent unauthorized users from opening, modifying, or deleting this data
• Records created on a 21 CFR 11 system cannot be opened on a non-21 CFR 11 system, and vice versa

Audit Trails

Secure time-stamped audit trails are implemented in Quantity One to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. The audit trail can be exported to file, printed, and filtered (that is, to show only signature events).

Interactive audit trail of operator with highlighted entry corresponding to image.

The audit log includes:

• Time stamp
• User name
• Action details
• User comment (optional)
• Version of software used

Electronic Signatures

Electronic signature capability allows data files to be previewed and approved prior to further processing. The name, date and time of signature, and the meaning of the signature are stored as part of each electronic record. When a signature is performed, the associated data will be automatically saved and locked. Signed files cannot be changed or overwritten.