21 CFR Part 11 Compliance

Assessment

An Oracle White Paper
January 2009


21 CFR Part 11 Compliance Assessment Page 2
21 CFR Part 11 Compliance Assessment
EXECUTIVE OVERVIEW
The purpose of this document is to provide an assessment of compliance for
Oracle Applications release 11i to FDA 21 CFR Part 11 Final Rule published March
20, 1997, with an effective date of August 20, 1997 as well as the Guidance for
Industry Part 11- Electronic Records and Electronic Signatures Scope and Application
published in August 2003. The body of this document replies to each relevant
section of FDA 21 CFR Part 11.
The final rule and the guidance documents are available on the FDAs website at
the following URLs:
http://www.fda.gov/ora/compliance_ref/part11/FRs/background/pt11finr.pdf
http://www.fda.gov/cder/guidance/5667fnl.pdf
INTRODUCTION
Companies whose manufactured products and processes are regulated by
government agencies, such those in food and beverage, life sciences
(pharmaceutical, biotechnology, biopharmaceutical, medical devices), and some
chemical manufacturing must keep detailed records of their product manufacturing
processes. Current practice in these regulated industries is to maintain paper
records of all information pertaining to the manufacture of their products. Current
Good Manufacturing Practices (cGMP) for pharmaceutical manufacturers is to
retain these records for a period equal to the life of the product plus seven years. It
is easy to see how maintenance of just the batch records for even a relatively short-
lived product can become quite cumbersome.
For obvious reasons, it is desirable to be able to maintain and store these records
in electronic format. This is of particular importance for regulated industries in
light of the Food and Drug Administrations (FDA) regulation on electronic
records and signatures called 21 CFR Part 11 (Part 11).
Effective on August 20, 1997, 21 CFR Part 11 represents the combined effort of
divisions within the US Food and Drug Administration (FDA), along with
members of the pharmaceutical industry, to establish a uniform, enforceable,
baseline standard by which the FDA will consider electronic records equivalent to
paper records and electronic signatures equivalent to traditional handwritten
signatures. The rule applies to any records in an electronic format that are created,
21 CFR Part 11 Compliance Assessment Page 3
modified, maintained, archived, retrieved, or transmitted under any agency records
requirements. The regulation provides a uniform, enforceable, baseline standard
for accepting electronic signature and records and provides a level of confidence
that records maintained in accordance with the rule will be of high integrity. Part
11 is intended to create criteria for electronic record keeping technologies while
preserving the FDAs ability to protect and promote the public health. Part 11
describes the technical and procedural requirements that must be met if an entity
maintains records electronically and chooses to sign records, where required by the
predicate rules, with electronic signatures.
ORACLES COMMITMENT TO LIFE SCIENCES
Oracle is committed to serving the Life Sciences industries and understands that
21 CFR Part 11 represents one of industrys biggest challenges, while at the same
time is a significant opportunity to reduce paperwork and the cost of regulatory
compliance.
"My industry is going to become pretty boring soon I don't believe you'll ever see this
proliferation of informatics companies or computer companies like you saw in the decade of the
Nineties. The life sciences industry is where the horizons are wide open. There'll be lots and lots of
companies born, lots of new products, lots of new science at least for the next 50 years.
Because of that...we've decided to focus heavily on the life sciences
industry.
-Larry Ellison, CEO, Oracle Corporation, Bio-IT World, March 2002
21 CFR Part 11 Compliance Assessment Page 4
ORACLES 21 CFR PART 11 TOOLSET
The remainder of this document will provide direct responses of how the Oracle
solution addresses each relevant section of FDA 21 CFR Part 11.
2.3 Subpart B - Electronic Records
Persons who use closed systems to create, modify, maintain, or transmit electronic records shall
employ procedures and controls designed to ensure the authenticity, integrity, and, when
appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily
repudiate the signed record as not genuine. Such procedures and controls shall include the following
(refer to sections (a) through (k)):
(a) Validation of systems to ensure accuracy, reliability, consistent intended performance,
and the ability to discern invalid or altered records.
Oracle Response:
Validation of the software system is the owners responsibility. This includes
functional testing that defines what the system should do including
performance, security and data integrity requirements, and integration testing
within the owners environment. Responsibility for hardware qualification testing,
software installation/operational qualification, and re-qualification of the
application is also incumbent upon the system owner.
Oracle does, however, offer tools to assist with the validation process.
Oracle / HP Test Starter Kit
Available through Oracles MetaLink online customer support site for Oracle E-
Business Suite customers, the Test Starter Kit contains a set of test plans, manuals
and automated test scripts for the core business processes in the Oracle E-
Business Suite, as well as Best Practices documentation that describes how to use
HP tools to validate functionality and performance of Oracle applications. This
test package makes it possible for customers to develop a strategy for future
migration and upgrade to Oracle E-Business Suite Release 12.
Specifically, the Oracle / HP Test Starter Kit includes:
Best Practices documentation to shorten the learning curve for Quality
Assurance (QA) personnel using HP automated testing tools for
validating Oracle E-Business Suite;
Automated scripts to help prove the compatibility between HPs tools set
and Oracle E-Business Suite technologies;
A Library of Oracle custom functions that speed up the process of
creating new test scripts;
A set of prepackaged, automated functional and performance scripts, as
well as manual tests, that provide a basic verification for the new
installation of Oracle E-Business Suite Release 12; and
2.3.1 11.10 Controls for closed
systems
21 CFR Part 11 Compliance Assessment Page 5
A template of HP Quality Center projects to manage test planning and
execution.
Oracle Governance, Risk and Compliance Solutions
Oracle delivers a comprehensive GRC platform that works across heterogeneous
environments. Oracle combines risk intelligence and analytics, end-to-end support
for cross-industry and industry-specific GRC processes, and best-in-class controls
enforcement and data security, so you can
Leverage a centralized repository of GRC information. Built on the
industrys leading content management solution, Oracle unifies disparate silos of
GRC data across multiple mandates, frameworks, systems, and lines of business to
deliver insight into risk-adjusted performance.
Manage GRC processes across the enterprise. Rationalize your risk mitigation
efforts, processes and deliverables across GxP quality assurance, financial
assurance, workforce training, and IT governance.
Certified Implementation Partners
Oracle customers have chosen to follow various paths in securing the expertise
needed to validate their operating environments. Some have chosen to rely on
internal validation and system expertise; others have worked exclusively with
Oracle partners who specialize in implementing Oracle products in regulated
environments, while other customers have chosen a combination of Oracle
Consulting Services (OCS) and a partner to manage the validation process.
Oracle Applications are currently operational in validated manufacturing
environments around the globe. Oracle Consulting Services and approved Oracle
implementation partners may be contracted to assist the systems owner with the
validation process.
Audited Software Development Organization
Oracles software development and quality assurance processes are fully
documented and utilize GAMP, Six Sigma, PMI, CMM, CMMI, and ISO
methodologies as standard benchmarks. The development organization is
regularly audited internally for compliance to procedures and has been audited by
several of the world's largest pharmaceutical companies.

(b) The ability to generate accurate and complete copies of record in both human readable
and electronic form suitable for inspection, review, and copying by the agency. Persons
should contact the agency if there are any questions regarding the ability of the agency to
perform such review and copying of the electronic records.
Oracle Response:
Oracle E-Records securely stores controlled electronic records in both XML
format and in the final format the record reviewers and signers see, which can be
ASCII text or Adobe PDF

. XML provides for advanced search capabilities,

21 CFR Part 11 Compliance Assessment Page 6
portability, conformity with FDA standards, and the ability to reconstruct the
eRecord in the future, regardless of changes in technology. Additional elements
stored with the eRecord include the DTD (Data Type Definition) and the XSL
(text formatted style sheet). Text format is also saved because programs used to
view text are ubiquitous and will display text consistently, whereas an html-based
record may display differently when viewed through various browsers, such as
Netscape or Internet Explorer. In addition the e-record output can be generated
and stored in PDF

l.
Additionally, standard export/import facilities may be used for making copies of
selected Audit Tables in order to provide the information in bulk form to the FDA
in physical media form (cartridge, CD, tape reel). All data can be printed in
human-readable form through the reports option or through SQL programming,
in electronic form through SQL or table views and datasets, or through replication
of the database itself.

(c) Protection of records to enable their accurate and ready retrieval throughout the records
retention period.
Oracle Response:
Limiting access to the application to authorized personnel and restricting their
roles and assigned tasks controls protection of records online.
Information stored in the Oracle database is subject to a multitude of advanced
security features available to ensure that data is not accessed, viewed, or altered by
those who are unauthorized to do so.

(d) Limiting system access to authorized individuals.
Oracle Response:
Oracle Applications has a comprehensive set of features to ensure a system
administrator can maintain application security. Maintenance and adherence to the
procedures, which ensure that the systems security features are the responsibility
of the systems owner. Display of the active users full name prominently on the
main application window is also available as an added security feature.

(e) Use of secure, computer-generated, time-stamped audit trails to independently record the
date and time of operator entries and actions that create, modify, or delete electronic
records. Record changes shall not obscure previously recorded information. Such audit
trail documentation shall be retained for a period at least as long as that required for
the subject electronic records and shall be available for agency review and copying.
21 CFR Part 11 Compliance Assessment Page 7
Oracle Response:
Oracle Applications supports the capability to optionally maintain full audit trails
on user specified tables. Using Audit Trails, all prior and current versions of data
are stored in the database audit tables, along with the userid, and date/time.
Records that have been marked for logical deletion are similarly stored.









Audit Trail Online Inquiry
Standard reports and inquiries into the audit data are included.
The audit trail cannot be disabled or modified by the user. Any action by the
system administrator to modify the audit trail setup will require the approval of at
least one other person via an automated Oracle Workflow process.
Each audit record that is created is preserved; no audit record is overwritten. The
original data value and any subsequent values are retained by the application.

(f) Use of operational system checks to enforce permitted sequencing of steps and events, as
appropriate.
Oracle Response:
Oracle Applications make extensive use of the Oracle Workflow Product to define
and control business processes. Examples can be made of processes controlled by
Workflow in the Manufacturing Applications that uses Workflow to control the
approval process of various data components including Engineering Change
Orders, Inventory Items, Formulas, Routings, Recipes and Quality Specifications.
When these entities are created or modified, an approval process begins to obtain
required approvals from predefined individuals. Only when all approvals are
obtained will the entity be usable in the production process.
Additionally, Oracle Applications customers can use the Oracle Workflow product
and its Workflow Designer Tool to create custom workflows appropriate to their
operations and control and monitoring requirements.

21 CFR Part 11 Compliance Assessment Page 8
Another example of operational system checks in Oracle Applications are material
lot statuses which have business rules associated with them which control where
designated lots of material may be used or is it is rejected or quarantined.
The processing of production orders or work orders are also controlled if
electronic signature capability is enabled at the operation or routing step level,
whereby start of the next or completion of the previous step in a series is
prohibited until all required electronic signatures are obtained for the current and
preceding steps.

(g) Use of authority checks to ensure that only authorized individuals can use the system,
electronically sign a record, access the operation or computer system input or output
device, alter a record, or perform the operation at hand.
Oracle Response:
The authority check occurs as the user signs on to the system using a unique userid
and password. Privileges associated with the userid determine the allowed actions
that user may perform; for instance, only users with access to the Lot Status
Change privilege may alter the status of a material lot.
The GMP critical functions in Oracle Applications are typically managed as a
closed system such that a system administrator who defines Oracle Applications
users controls user access, and assigns one or more responsibilities to each user.
Defining Application Users
A system administrator enables a new user in Oracle Applications by defining an
application username and a password. The system administrator defines an initial
password, then the first time the application user signs on, he/she must enter a
new (secret) password. Applications security is further enhanced by the following
capabilities:
User passwords are masked during entry and encrypted in the
database
Rules can be set for choosing passwords to ensure that they will be
hard to guess
Application users can be automatically disabled after a predefined
number of uses
Application users can be automatically disabled outside of a
predefined date range
Application users can be automatically disabled after a predefined
number of unsuccessful login attempts
User session timeouts which requiring reentry of username and
password after predetermined period of session inactivity
21 CFR Part 11 Compliance Assessment Page 9
Automatic alerts triggered by unauthorized system access attempts
When an application user is defined the user is assigned to one or more
responsibilities. If assigned to only one responsibility, the user, after signing on,
immediately enters an application. If assigned to two or more responsibilities, the
user, after signing on, sees a window listing available responsibilities.
Responsibilities Define Application Privileges
A responsibility is a level of authority in Oracle Applications that lets users access
only those Oracle Applications functions and data appropriate to their roles in an
organization. Each responsibility allows access to:
A specific application or applications, such as Oracle General Ledger
or OPM Quality Management..
A set of books, such as U.S. Operations or German Sales or an
organization, such as New York Manufacturing or New York
Distribution.
A restricted list of windows that a user can navigate to; for example, a
responsibility may allow certain Oracle Planning users to enter
forecast items, but not enter master demand schedule items.
A restricted list of functions a user can perform. For example, two
responsibilities may have access to the same window, but one
responsibilitys window may have additional function buttons that the
other responsibilitys window does not have.
Reports in a specific application; as system administrator, you can
assign groups of reports to one or more responsibilities, so the
responsibility a user choose determines the reports that can be
submitted. Each user has at least one or more responsibilities and
several users can share the same responsibility. A system
administrator can assign users any of the standard responsibilities
provided with Oracle Applications, or create new custom
responsibilities.
Auditing User Activity
Oracle Applications provides a SignOn Audit feature that allows a system
administrator to monitor and report on user activity. This feature enables the
administrator to:
Track what users are doing and when they do it
Choose who to audit and what type of information to audit
View quickly online what users are doing
Check the security of the application
21 CFR Part 11 Compliance Assessment Page 10
With SignOn Audit enabled, an administrator can record usernames, terminals,
and the dates and times the users access Oracle Applications. SignOn Audit can
also track the responsibilities and forms your users use, as well as the concurrent
processes they run.

(h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the
source of data input or operational instruction.
Oracle Response:
Oracle addresses this requirement with several features to address validity of the
source of data input:
Oracle has the capability to display the active users full name
prominently on the main application window as an added security
feature to verify their identity during data input.
Interactively alert users that violate a user-defined range or metadata
definition during the data entry process.
Oracle supports synchronous or asynchronous data loading processes
that allow the user to load electronic data, in a defined format
through standard Application Program Interfaces (APIs). During the
loading process if data violate a predefined structure (e.g., attempting
to load a production batch transaction for an item that has not been
created in the database), the application will prevent the load.

(i) Determination that persons who develop, maintain, or use electronic record/electronic
signature systems have the education, training, and experience to perform their assigned
tasks.
Oracle Response:
Oracle hiring and retention programs are designed to attract and retain the best
and brightest in the industry. QA team members hold or are pursuing recognized
software QA industry certifications, and several have received or are pursuing
Masters degrees in information technology or quality management.
There is a dedicated Product Manager focused specifically on the regulatory
requirements for the life science industries who communicates the regulatory
requirements to the software QA and Engineering groups. The Product Manager is
familiar with CFR, and GAMP guidelines, along with attending and participating in
industry conferences and events. Product manager also facilitates industry
Customer Advisory Boards (CABs) and special interest groups (SIGs).

21 CFR Part 11 Compliance Assessment Page 11
(j) The establishment of, and adherence to, written policies that hold individuals
accountable and responsible for actions initiated under their electronic signatures, in
order to deter record and signature falsification.
Oracle Response:
The establishment and enforcement of policies is the responsibility of the systems
owner, however Oracle offers tools to assist in this process.
Oracle Tutor enables customers to integrate their organizations
procedures with system training, helping to insure an employees
understanding of how to use the Oracle E-Business Suite within the
context of his/her job.
The setup of the electronic signature capability in Oracle Applications
provides the capability to control who is empowered to affix specified
types of signatures (Authorship, Review, Approval, for example) to
specified events (inventory transactions, production batch status
change, recipe status change, for example).
When electronic signatures are called for in the application, a
configurable message always displays to alert the signer that their
electronic signature is the legally binding equivalent of their
handwritten signature.

(k) Use of appropriate controls over systems documentation including:
(1) Adequate controls over the distribution of, access to, and use of
documentation for system operation and maintenance.
Oracle Response:
Oracle distributes the necessary system documentation with each major release.
Control over the distribution of that system documentation is the systems owners
responsibility. Note that access to system facilities requires the appropriate
passwords, which need to be kept secure.

(2) Revision and change control procedures to maintain an audit trail that
documents time-sequenced development and modification of systems
documentation.
Oracle Response:
Oracle follows documented change control procedures when making edits to the
Oracle Application User Documentation that is included with each major product
release. All changes are logged according to the change control procedures.

21 CFR Part 11 Compliance Assessment Page 12

Persons who use open systems to create, modify, maintain, or transmit electronic records shall
employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate,
the confidentiality of electronic records from the point of their creation to the point of their receipt.
Such procedures and controls shall include those identified in Sec. 11.10, as appropriate, and
additional measures such as document encryption and use of appropriate digital signature
standards to ensure, as necessary under the circumstances, record authenticity, integrity, and
confidentiality.
Oracle Response:
The GMP critical functions in Oracle Applications are typically implemented in a
closed system environment; however, the system owner has responsibility to
control how system access approvals are granted.
Digital signature capability will be available as native capability in Oracle
Applications in a future release for those organizations that wish to operate parts
of their system as an open system.


(a) Signed electronic records shall contain information associated with the signing that
clearly indicates all of the following:
(1) The printed name of the signer;
(2) The date and time when the signature was executed; and
(3) The meaning (such as review, approval, responsibility, or authorship)
associated with the signature.
Oracle Response:
Oracles Electronic Records and Electronic Signatures Framework shows the full
name of the signer from the user profile, date and time, and signature meaning for
each signature event associated with a record. This information is displayed on all
inquiries and printouts of signed records. Refer to the Oracle E-Records Data
Sheet available from the following URL:
http://www.oracle.com/industries/life_sciences/ds_erecords.pdf






2.3.2 11.30 Controls for open
systems
2.3.3 11.50 Signature
Manifestations

21 CFR Part 11 Compliance Assessment Page 13




Electronic Signature Details on a Batch Close Event

(b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be
subject to the same controls as for electronic records and shall be included as part of any
human readable form of the electronic record (such as electronic display or printout).
Oracle Response:
All information mentioned in the responses to paragraphs (a)(1), (a)(2), and (a)(3)
of this section is stored in the same Oracle relational database. As such, all of the
information may be printed/displayed as part of any human readable form
extracted from the database.

Electronic signatures and handwritten signatures executed to electronic records shall be linked to
their respective electronic records to ensure that the signatures cannot be excised, copied, or
otherwise transferred to falsify an electronic record by ordinary means.
Oracle Response:
Electronic signatures are logically linked via secure relational database table links to
the appropriate signed records. Users do not have access to alter these links. Once
signatures are entered, they are viewable in read-only format only. Refer to the
Oracle E-Records Data Sheet available from the following URL:
http://www.oracle.com/industries/life_sciences/ds_erecords.pdf
2.3 Subpart C - Electronic Signatures
(a) Each electronic signature shall be unique to one individual and shall not be reused by,
or reassigned to, anyone else.
Oracle Response:
Electronic signatures employ compliant userid and password combinations in
native Oracle Applications security as described in section 2.31 11.10.

(b) Before an organization establishes, assigns, certifies, or otherwise sanctions an
individual's electronic signature, or any element of such electronic signature, the
organization shall verify the identity of the individual.
2.3.4 11.70 Signature/record
linking
2.4.1 11.100 General
requirements
21 CFR Part 11 Compliance Assessment Page 14
Oracle Response:
This is the responsibility of the systems owner, although features of Oracle
Applications may be used to attach a photographic image or other type of
electronic identification to the application users profile and store it in the Oracle
database.

(c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the
agency that the electronic signatures in their system, used on or after August 20, 1997,
are intended to be the legally binding equivalent of traditional handwritten signatures.
Oracle Response:
This is the responsibility of the systems owner.

(1) The certification shall be submitted in paper form and signed with a traditional
handwritten signature, to the Office of Regional Operations (HFC-100), 5600
Fishers Lane, Rockville, MD 20857.
Oracle Response:
This is the responsibility of the systems owner.

(2) Persons using electronic signatures shall, upon agency request provide additional
certification or testimony that a specific electronic signature is the legally binding
equivalent of the signer's handwritten signature.

Oracle Response:
This is the responsibility of the systems owner.

(a) Electronic signatures that are not based upon biometrics shall
(1) Employ at least two distinct identification components such as an identification
code and password.

Oracle Response:
Electronic signatures require entry of a valid userid and password. Refer to the
Oracle E-Records Data Sheet available from the following URL:
http://www.oracle.com/industries/life_sciences/ds_erecords.pdf

(i) When an individual executes a series of signings during a single,
continuous period of controlled system access, the first signing shall be
executed using all electronic signature components; subsequent signings
shall be executed using at least one electronic signature component that
is only executable by, and designed to be use only by, the individual.
2.4.2 11.200 Electronic signature
components and controls
21 CFR Part 11 Compliance Assessment Page 15
Oracle Response:
All electronic signature entries require entry of userid and password.

(ii) When an individual executes one or more signings not performed during
a single, continuous period of controlled system access, each signing shall
be executed using all of the electronic signature components.
Oracle Response:
All electronic signature entries require entry of userid and password.

(2) Be used only by their genuine owners; and
Oracle Response:
This is the responsibility of the systems owner.

(3) Be administered and executed to ensure that attempted use of an individual's
electronic signature by anyone other than its genuine owner requires collaboration
of two or more individuals.
Oracle Response:
It is the responsibility of the systems owner to define appropriate password aging
and administer an environment where users do not share userids and passwords.
Even when a user forgets his/her password, and a system administrator must reset
it, the user must change the system administrator-assigned password the first time
the log in.

(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be
used by anyone other than their genuine owners.
Oracle Response:
Oracle Applications does not natively make use of biometrics for user
authentication; although partners could be recommend whose solutions interface
with Oracle Applications.

Persons who use electronic signatures based upon use of identification codes in combination with
passwords shall employ controls to ensure their security and integrity. Such controls shall include:
(a) Maintaining the uniqueness of each combined identification code and password, such that no
two individuals have the same combination of identification code and password.
Oracle Response:
User IDs are required by the application to be unique, and the entry of the correct
userid and password combination are required for entry of an electronic signature.

2.4.3 11.300 Controls for
identification codes/passwords
21 CFR Part 11 Compliance Assessment Page 16
(b) Ensuring that identification code and password issuances are periodically checked, recalled,
or revised (e.g., to cover such events as password aging).
Oracle Response:
Password aging (by user) is controlled by the system administrator using standard
Oracle Applications system administration functionality.

(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or
otherwise potentially compromise tokens, cards, and other devices that bear or generate
identification code or password information, and to issue temporary or permanent
replacements using suitable, rigorous controls.
Oracle Response:
A userid may be disabled in the application if access to that userid has been
compromised. The system administrator can define a predetermined number of
incorrect login attempts, or a date after which a userid will be disabled. The
existing electronic records, which reference that userid, along with the userid
description and users name, may still be preserved for audit purposes. The system
administrator can then reactivate the userid, or define a new userid and password,
providing the cause of the original exposure has been understood and resolved.

(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification
codes, and to detect and report in an immediate and urgent manner any attempts at their
unauthorized use to the system security unit, and, as appropriate, to organizational
management.
Oracle Response:
User IDs can be automatically disabled after a set number of incorrect entries of a
password. Additionally, failed attempts to log in to the system may be detected
and stored in an audit trail using standard Oracle Applications functionality. Failed
attempts on password re-entry after logon are also stored in an Audit table. Using
Oracle Alert, immediate alerts of unauthorized system access attempts may be sent
to system administrators via email, or a wireless device such as a cell phone, pager,
or PDA.

(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate
identification code or password information to ensure that they function properly and have
not been altered in an unauthorized manner.
Oracle Response:
Oracle Applications in general do not make use of tokens or cards for user
authentication, although partners could be recommended whose solutions
interface with Oracle Applications.
21 CFR Part 11 Compliance Assessment Page 17

CONCLUSION
Complying with the technical requirements of FDA 21 CFR Part 11 is critical for
software applications that manage GMP critical data. Oracle Applications offers an
unmatched set of tools to help enterprises in regulated industries address these
requirements and maintain electronic records. All functionality described herein is
developed and maintained by Oracle.

21 CFR Part 11 Compliance Assessment
Version I
Last Update Date: January 2009
Author: John E. Danese

Oracle Corporation
World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065
U.S.A.

Worldwide Inquiries:
Phone: +1.650.506.7000
Fax: +1.650.506.7200
www.oracle.com

Oracle Corporation provides the software that powers the internet.

Oracle is a registered trademark of Oracle Corporation. Various
product and service names referenced herein may be trademarks
of Oracle Corporation. All other product and service names
mentioned may be trademarks of their respective owners.

Copyright 2009 Oracle Corporation
All rights reserved.