Revision Number: 2 Revision Date: August 6, 2001

2
Meeting the Requirements of the FDAs 21 CFR Part 11 Regulation



Table of Contents

Note: This white paper is set up in two parts:
Part I is described in the following abstract.
Part II is a checklist that explains how Intellutions software, specifically FIX v7.0, iFIX v2.21,
and iBatch v4.1, fulfills the requirements of the FDAs 21 CFR Part 11 Rule. If Part II is not
attached to this document, you may download it from www.Intellution.com.


Section 1. Introduction: What is 21 CFR Part 11?
Definition of 21 CFR Part 11 Rule
Important Definitions in 21 CFR Part 11

Section 2. Requirements of 21 CFR Part 11
Controls for Open and Closed Systems
Electronic Signatures
Signature Manifestations and Linking
Signatures During Continuous Use
Enforcement of Operating Sequence

Section 3. FDA Expectations: Compliance Policy Guide

Section 4. What Intellution Is Doing To Develop Compliant Solutions

Section 5. Best Practices and Solutions for Intellution Applications
iFIX
FIX
iBatch 4.5 and iWorkInstruction 1.0

3
Meeting the Requirements of the FDAs 21 CFR Part 11 Regulation

Abstract: The purpose of this white paper is to:

Explain briefly the United States Food and Drug Administrations (FDA) expectations of
manufacturers needing to achieve compliance with the 21 CFR Part 11 Rule.
Provide a detailed explanation of the 21 CFR Part 11 Rule.
Define the policies, procedures, and best practices needed to achieve regulatory compliance;
Explain Intellutions strategy toward providing its software users with 21CFR 11 compliance.
Provide recommendations for implementing Intellution applications in FDA-regulated
environments.

This white paper is the result of an independent audit of Intellutions iFIX, iBatch, and
FIXindustrial automation software by Stelex, Inc. (Bensalem, PA), a consulting firm providing
regulatory and validation services and solutions to FDA-regulated companies in the pharmaceutical,
medical device, and diagnostic sectors. Please see the end of this document for more information
about Intellution, Inc. and Stelex, Inc.

Important Note: While the goal of this white paper is to educate manufacturers within FDA-regulated
industries on the requirements of 21 CFR Part 11 compliancy, please note that each manufacturing
application requires distinct functionality in order to achieve FDA validation.

Intellution Professional Services offers a suite of services designed to help any customer as they
learn about 21 CFR Part 11 compliance, make plans to become compliant, execute those plans, and
ensure ongoing adherence to the regulation.
Program Summary

We have four new services designed to assist customers as they pursue 21 CFR Part 11 compliance:

Training
o Providing target audiences with sufficient knowledge to begin 21 CFR Part 11
assessment processes.
Detection
o Deliver high-end analysis and preliminary assessment of items needed for 21 CFR
Part 11 compliance for those groups responsible for implementing a validated 21
CFR Part 11-process.
Detailed Assessment
o Review and analyze the current situation, and develop an action plan to help
implement a long term validated 21 CFR Part 11 solution.
Maintenance
o Guide customers in maintaining the standards required for 21 CFR Part 11
compliance.

4
Section 1. Introduction: What is 21 CFR Part 11?

During the past decade, the pharmaceutical industry has increasingly recognized that the
implementation of paperless systems in their plant floor operations yields a myriad of benefits,
including:

Increased speed of information exchange.
Improved ability to integrate, trend and search data.
Reduced errors and variability.
Lower costs related to data storage.

In response to the industrys request for the development of a uniform approach to the acceptance of
paperless systems, the U.S. Food and Drug Administration (FDA)s Final Rule on electronic records
and electronic signatures, known as 21 CFR 11 Part 11 or 21 CFR Part 11 or the rule, was
promulgated in March 1997.

Definition of 21 CFR Part 11 Rule
21 CFR Part 11 establishes the criteria under which electronic records and electronic signatures will
be considered equivalent to paper records and handwritten signatures executed on paper. The rule
applies to records in electronic form that are created, modified, maintained, archived, retrieved, or
transmitted under any records requirements set forth in FDA regulations.

Understanding the importance of these underlying FDA regulations, or predicate rules, is critical to
developing Part 11 compliance solutions. In addition, Part 11 applies to electronic records submitted
to the FDA even those not specifically identified in any regulations.

It is worth noting, however, that Part 11 does not apply to paper records transmitted by electronic
means.

5
Important Definitions in 21 CFR Part 11

Electronic Record:
Any combination of text, graphics, data, audio, pictorial, or other information represented
in digital form that is created, modified, maintained, archived, retrieved, or distributed by a
computer system.
Electronic Signature:
A computer data compilation of any symbol or series of symbols executed, adopted, or
authorized by an individual to be the legally binding equivalent of the individuals
handwritten signature.
Handwritten Signature:
The scripted name or legal mark of an individual handwritten by that individual and
executed or adopted with the present intention to authenticate writing in a permanent
form.
Digital Signature:
An electronic signature based upon cryptographic methods of originator authentication,
computed by using a set of rules and a set of parameters such that the identity of the
signer and the integrity of the data can be verified.
Biometrics:
A method of verifying an individuals identity based on measurement of the individuals
physical feature(s) or repeatable action(s) where those features and/or actions are both
unique to that individual and measurable.
Closed System:
An environment in which system access is controlled by persons responsible for the
content of electronic records on the system.
Open System:
An environment in which system access is not controlled by persons responsible for the
content of electronic records on the system.


Section 2. Requirements of 21 CFR Part 11

In order for organizations to comply with Part 11, a number of requirements must be met. These
requirements generally concern the authenticity, integrity, and confidentiality of the electronic records
and signatures. Any computer system utilizing electronic records and signatures must be validated to
ensure its accuracy, reliability, consistent intended performance, and ability to discern invalid or
altered records. The system must be able to generate copies in both human readable (i.e., in plain
text) and electronic form that are accurate and complete. Several types of checks must be built into
Part 11-compliant systems, including authority checks that determine who has access to the system
and at what level; and device checks that determine the validity of the sources of data being entered
into the system.

Another important requirement of systems complying with Part 11 is their ability to generate an audit
trail, defined as a record showing who has accessed a computer system and what operations he or
she has performed during a given period of time. Any such audit trail must fulfill the following criteria:

Must be secure, computer-generated and time-stamped.
Must not obscure previously changed data.
Must contain the person responsible for making the change.
Must contain original and changed data.
Must be available for review and copying by the FDA.

6
Controls for Open and Closed Systems
Part 11 requires a number of procedures and controls be placed over closed electronic record
systems. Chief among them is the requirement that systems be validated to ensure their accuracy,
reliability, consistent intended performance, and ability to discern invalid or altered records. The FDA
requires that closed systems also be able to generate accurate and complete copies of electronic
records in human readable (i.e., in plain text) and electronic form such that the agency may inspect,
review, and copy those records if necessary. Electronic records must also be protected to enable
accurate and ready retrieval for the duration of any records retention period required either by FDA or
another federal agency, or by the user organizations own policies and procedures.

Limited System Access; Precise Audit Trails
Organizations using electronic records must also limit system access to authorized individuals and
include inactivity timeout periods. The generation and use of audit trails are critical elements of Part
11. Such audit trails must be secure, computer-generated, and time-stamped so as to independently
record the date and time of operator entries and actions that create, modify, or delete electronic
records. Record changes made in closed systems shall not obscure previously recorded information.
Any audit trail documentation shall be retained for a period at least as long as that required for the
subject electronic records and shall be available for review and copying by FDA.

Authority Checks
The rule also requires that certain checks be placed on closed systems. These include the use of
authority checks to ensure that only authorized individuals can use the system, electronically sign a
record, access the operation or computer system input or output device, alter a record, or perform the
operation at hand; and device checks to determine the validity of the source of data input or
operational instruction.

Trained and Qualified Personnel
As with most FDA regulations, Part 11 requires that individuals, who develop, maintain, or use
electronic record and electronic signature systems have the education, training, and experience to
perform their assigned tasks.

Organizations using closed electronic record and signature systems must establish and follow written
policies that hold their employees accountable and responsible for actions initiated under their
electronic signatures, in order to deter record and signature falsification. They must also use
appropriate controls over systems documentation regarding the distribution of, access to, and use of
documentation for system operation and maintenance. Revision and change control procedures must
be put in place to maintain an audit trail that documents time-sequenced development and
modification of the electronic records systems documentation. Other procedures and policies are
required for the protection of records, record retention periods, limiting system access, education and
training, and revision and change control.

Controls in Open versus Closed Systems
The FDA requires the same controls be placed over open systems as closed systems. However,
open systems must also be supported by procedures and controls designed to ensure the
authenticity, integrity, and confidentiality of electronic records created, modified, maintained, or
transmitted over those systems. These procedures and controls may include such measures as the
use of document encryption techniques and digital signature standards.

Electronic Signatures
Part 11 places a set of overarching general requirements on organizations that intend to use
electronic signatures. Each electronic signature used must be unique to an individual and not reused
or assigned to another individual. Organizations must verify the identity of the individual before
assigning an electronic signature to him/her. They must also certify in writing (in paper form) to FDA
that they intend to use their electronic signature as the legally binding equivalent of their handwritten
signature and, if necessary, submit additional certification of that intention to the agency.

7

Biometric and Non-Biometric Signatures
Electronic signatures must exhibit certain characteristics depending upon whether they are biometric
or non-biometric. Biometric electronic signatures must be designed to ensure that they cannot be
used by anyone other than their genuine owners. Non-biometric electronic signatures must be
composed of at least two distinct identification components (e.g., user ID and password); must be
used only by their genuine owners; and must be administered and executed such that two or more
individuals are necessary to duplicate the signature. Another issue related to the use of non-biometric
electronic signatures is that of periods of controlled access. If, during a single period of controlled
access, an individual executes a series of signings, they must use all electronic signature
components for the first signing and at least one secret component for each subsequent signing. If,
however, signings are not performed during a single period of controlled access, each signing must
use all components.

Signature Manifestations and Linking
FDA requires that signed electronic records clearly indicate the printed name of the signer; the date
and time of the signing; and the meaning of the signing. Those records must be subject to the same
controls as electronic records, and also be available for review and copying by FDA. Electronic
signatures and handwritten signatures executed to electronic records must be linked to their
respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise
transferred to falsify an electronic record by ordinary means (e.g., by routine cutting and pasting).

Signatures During Continuous Use
Part 11 allows for periods of continuous use where electronic records can be signed using a single
token. This is intended for when an individual performs an initial system access or logon and can
then perform subsequent signings by executing at least one token of the electronic signature, under
controlled conditions that prevent another person from impersonating the legitimate signer.

To meet the requirements for continuous use, it is vital to have stringent controls in place to prevent
impersonation. Such controls include:

Requiring an individual to remain in close proximity to the workstation throughout the signing
session.
Use of automatic inactivity disconnect measures that would de-log the first individual if no
entries or actions were taken within a fixed short time.
Requiring that the single component needed for subsequent signings is known to, and usable
only by, the authorized individual.

Other than the use of a single token for signing, all other requirements for executing electronic
signatures apply during a period of continuous use. This requires that the operator be notified that his
signature is being executed, and that the meaning of the signature is clear.

Enforcement of Operating Sequence
Best practices for accurate entry of data may require that two signatures be affixed to an electronic
record. One signature identifies the person entering the data, while the second identifies the person
who verified the entered data was correct. Other best practices may require additional signatures
beyond two.

8
Section 3. FDA Expectations: Compliance Policy Guide

The FDA continues to step up its investigation of electronic record and signature systems and
enforcement of Part 11 violations. The number of inspectional observations (483s) and warning
letters continues to rise; these regulatory citations reference the underlying agency regulations
(predicate rules) that have been violated, in addition to Part 11.

In addition, the FDA is training its investigators on how to examine systems within the scope of Part
11 more thoroughly. One tool that is being used to guide investigators and the general public is
the Compliance Policy Guide (CPG) 7153.17. The CPG, which, represents [FDA]s current thinking
on what is required to be fully compliant with Part 11, is not intended to be binding on the agency or
the public. According to the CPG, when organizations are not fully compliant with Part 11, agency
decisions on whether or not to pursue enforcement action will be based on a case-by-case
evaluation.

The factors used in pursuing enforcement action are:

The nature and extent of Part 11 deviations.
The effect of the deviations on product quality and data integrity.
The adequacy and timeliness of planned corrective measures.
The overall compliance history of the establishment, especially with regard to data integrity.

Although it is not possible to predict how investigators will follow the CPG (or any future guidance
documents) with absolute certainty, it is reasonable to expect that the agency will look favorably on
companies that are making significant investments in long-term solutions rather than implementing
temporary or interim solutions.

Currently, the FDA is developing procedures for archiving submissions with electronic signatures.
Until those procedures are in place, documents for which regulations require an original signature
(e.g., certifications to the agency) must be accompanied by a paper copy that includes the
handwritten signature.

Section 4. What Intellution Is Doing to Develop Compliant Solutions

In an effort to help businesses across the FDA-regulated spectrum comply with Part 11, Intellution
has been working in conjunction with a group of organizations, including key biotech and
pharmaceutical representatives, original equipment manufacturers, systems integrators, consulting
firms, and FDA regulatory personnel, to develop compliant solutions.

Intellution has also been conferring with these organizations both individually and in group forums,
such as the industry symposium on Part 11 held in August 2000. This symposium was valuable in
that Intellution and its software users exchanged feedback on what they wanted and needed from
software applications in order to comply with Part 11.

In October 2000, Intellution began working with Stelex, Inc., a consulting company that provides
regulatory and validation services to the industry, to evaluate its products for compliance with the
Rule. Stelex performed the evaluation by assessing the applicability of Part 11 limited to three
Intellution software applications: FIX v7.0, iFIX v2.21, and iBatch v4.1. As new version and products
become available Intellution will make addendums to this document

Key assumptions made during the evaluation were that the applications need to comply with all
requirements of Part 11; and that the applications may potentially be used in open systems as
defined in Part 11. A Part 11 requirements checklist was used, and each application was assessed
for the applicability and level of compliance with the rule.


9
As a result of the assessment and other aforementioned efforts, Intellution, with regulatory and
validation consulting assistance from Stelex, has proposed a set of recommendations for customers
with existing installations on best practices and software solutions to meet the intent of Part 11
regulations. A second set of recommendations is also being developed for future releases of
Intellution applications. These releases will be designed to simplify the process of developing
compliant solutions and to enhance the options available to FDA regulated customers. Since, in the
future, Intellution will invest its development time and effort solely in 21 CFR Part 11 solutions for the
iFIX platform, Intellution strongly recommends that its FIX customers migrate their automation
solutions to the latest edition of iFIX HMI/SCADA software.

Section 5. Best Practices and Solutions for Intellution Applications
For the purposes of this section, existing Intellution software applications have been categorized into
three sub-sections: one for iFIX systems, a second for FIX systems, and a third for iBatch systems.
A fourth section below offers solutions available from third-party solution providers. Since iFIX, iBatch,
FIX, and third party solutions have significantly different capabilities; the recommendations for each
are different.

iFIX
Customers are advised to implement the following practices and software solutions to meet the intent
of Part 11 regulations for their iFIX-based systems. A detailed Part 11 checklist that served as a basis
for these recommendations is included in Section II of this document.

1) Security

To limit system access, iFIX should be configured to use Windows NT/2000 domain security.
Domain administrators should implement account policies on password aging, minimum
password length, password uniqueness, and account lockout after a reasonable number of
unsuccessful login attempts.
Customers wishing to implement raw data collection using the Historical Collect module must
implement all aspects of Environment Protection and Security Configuration features to
restrict unauthorized access, deletion, or modification of the historical data files created by
this module. Only administrators should have access to the file system.
To limit user access to specific system areas and modules, internal iFIX security should be
configured to implement Security Areas and User Groups.
The iFIX User Login Timeout period should be configured to limit the extent of a continuous
period of controlled system access. Customers should also implement policies and
procedures requiring users to log out of the application during periods of non-use.
To ensure the validity of the source of data input, customers must ensure that all iFIX
workstations are placed in secure locations, and that access to workstations must be limited
to authorized personnel. Customers should distribute iFIX run-time functionality in a manner
that is appropriate to each workstations location.
To meet the requirements for continuous use, a logout screen saver should be implemented
and set to the number of minutes that constitutes continuous use.

2) Electronic Records/Electronic Signatures

Each software user should configure the application (or use a third party application) to
capture an electronic signature whenever an electronic record is to be created. The user
should enter two tokens (User ID and Password), and the signature should be built using the
returned printed name of the user, data, and timestamp, and the meaning under which the
signature was executed.

10
If continuous use is considered, then this signature could consist of a single token (password)
that could be used in conjunction with the logged on User ID to produce the signature. The
user must only know this single token.
Because of the legal liability associated with an electronic signature, an operator must
unequivocally know whenever they are signing a record.
To comply with requirements on Electronic Records, customers should configure and
implement the Alarm ODBC service to log alarms and operator messages to a relational
database, such as Oracle or Microsoft SQL Server.
In addition to using the standard alarm and operator message logs, the customer should
configure the application to capture and verify an electronic signature of the user taking the
action, and add that signature to the ODBC record.
Customers should define a Backup File for the Alarm ODBC service. The service saves
alarms and messages to this file if it cannot access the relational database. To prevent a loss
of data, customers should configure iFIX and Alarm ODBC to run as a service under
Windows NT/2000.
Customers may also optionally elect to save raw process data via the Historical Collect
module. This module may be configured to create new data files every 4, 8, or 24 hours.
Since new files are created, at maximum, on a daily basis, customers should implement a
script or procedures to archive historical data files containing the previous days data in a
secure location, and any alteration to these files should be prevented through the use of
operating system security.
Customers should also configure the number of days before the automatic deletion of
historical data files to allow for sufficient time to archive the data while preventing disk space
usage issues.
Customers must configure the SCU to log both Alarms and Operator Messages to the Alarm
ODBC service.
Customers should implement a Microsoft Windows or third-party clock synchronization utility
to ensure that all date and time stamps are accurately recorded in the audit trail.
In certain applications, the periodic capture of raw data is required, in addition to alarms and
operator actions. For these and other similar circumstances, customers should develop VBA
scripts to capture data into a relational database. Users can also use the iFIX SQL/ODBC
blocks from the iFIX database to interface to a relational database. Each record must, at
minimum, include a date and time stamp, the SCADA node name, tag name and value.
Neither the operator name nor the electronic signature is required for this type of data.

3) Validation and Documentation

Many of the requirements of the rule must be met by activities that are not software-based. In
order to meet the validation requirement of Part 11, customers must validate their application
in order to ensure accuracy, reliability, consistent and intended performance, and the ability
to discern invalid or altered records. Customers may develop and/or execute the validation
plans and protocols themselves, or outsource these activities. The validation should follow an
established system life-cycle (SLC) methodology.
In order to meet the authority checks requirement of the rule, customers must employ policies
and procedures to verify the identity of the individual to whom an electronic signature will be
issued.
Customers must establish and adhere to written policies that hold individuals accountable
and responsible for actions initiated under their electronic signatures in order to deter record
and signature falsification and to meet that requirement of the rule.

11
Each iFIX picture, schedule, and database contains a version number or serial number that
can be used for version control.
Customers must establish and adhere to written policies that will prevent a single individual
from being able to falsify records.
Although customers are not responsible for control over the content of system operation and
maintenance manuals, they should be responsible for establishing and maintaining controls
over the distribution of, access to, and use of that documentation as required by Part 11.
Customers must verify the identity of the individual before assigning an electronic signature to
him/her. Customers are also responsible for certifying in writing (in paper form) to the FDA
that they intend to use their electronic signature as the legally binding equivalent of their
handwritten signature and, if necessary, submit additional certification of that intention to the
agency.

4) Miscellaneous

Records must be maintained in a relational database and protected by system security and
data isolation. Customers should establish policies and procedures to ensure that records are
retained for an appropriate duration of time.
To further comply on validity of sources of data, it is recommended that customers consider
employing third-party version control software to maintain recipes, pictures, databases, and
I/O configurations. The version control software should be accompanied by a set of
procedures and policies on conventions and use.
Microsofts Visual SourceSafe is one application that can be used for version control.

FIX

Customers with existing FIX installations have several options for implementing solutions that comply
with Part 11 regulations. One option is to migrate their FIX application to the iFIX family of products,
and then to follow the compliance recommendations for iFIX installations. Intellution strongly
recommends this option, since moving to iFIX will provide for an easy transition to new and upcoming
features of iFIX that will assist with Part 11 compliance. Detailed information on this process may be
found on http://www.intellution.com or by contacting your Intellution representative.

Another option for FIX users is to use the Alarm File Service feature of FIX to create an electronic
audit trail. Customers are advised to implement the following practices and software solutions to meet
the intent of Part 11 regulations for this type of system. A detailed Part 11 checklist that served as a
basis for these recommendations is included in Section II document.
1) Security

To limit system access, FIX applications should be installed on Windows NT/2000 operating
system and FIX security system should be configured to use Windows NT/2000 security.
NT/2000 account policies should implement password aging, minimum password length,
password uniqueness, and account lockout after a reasonable number of unsuccessful login
attempts.
Customers must implement all aspects of Environment Protection and Security Configuration
features to restrict unauthorized access, deletion, or modification of the audit trail files (.alm)
created using the Alarm File Service and historical data files created by the Historical Collect
module. Only administrators should have access to the file system.
Internal FIX security should be used to limit user access to authorized security areas and
applications.

12
Each operator should be configured to use the FIX User Login Timeout to limit the continuous
length of time an operator can remain logged into the system. Customers should also
implement policies and procedures requiring users to log out of the application during periods
of non-use.
To ensure the validity of the source of data input, customers must ensure that all FIX
workstations are placed in secure locations and that access to the workstations is limited to
authorized personnel. Customers should distribute FIX run-time functionality in a manner that
is appropriate to each workstations location.
2) Electronic Records/Electronic Signatures

To comply with requirements on Electronic Records, customers must configure and
implement the Alarm File Service to log alarms and operator messages to flat files.
Customers may also optionally elect to save raw process data via the Historical Collect
module. This module may be configured to create new data files every 4, 8, or 24 hours.
Since new files are created, at maximum, on a daily basis, customers should implement a
script or procedures to archive audit trail, and files containing the previous days data in a
secure location, and any alteration to these files should be prevented through the use of
operating system security.
Customers should also configure the number of days before the automatic deletion of alarm
and historical data files to allow for sufficient time to archive the data while preventing disk
space usage issues.
Customers should implement a Microsoft Windows or third-party clock synchronization utility
to ensure that all date and time stamps are accurately recorded in the audit trail.
3) Validation and Documentation

Many of the requirements of the rule must be met by activities, which are not software-based.
In order to meet the validation requirement of Part 11, customers must validate their
application in order to ensure accuracy, reliability, consistent and intended performance, and
the ability to discern invalid or altered records. Customers may develop and/or execute the
validation plans and protocols themselves or outsource these activities. The validation should
follow an established system life cycle (SLC) methodology.
In order to meet the authority checks requirement of the rule, customers must employ policies
and procedures to verify the identity of the individual to whom an electronic signature will be
issued.
Customers must establish and adhere to written policies that hold individuals accountable
and responsible for actions initiated under their electronic signatures, in order to deter record
and signature falsification, in order to meet that requirement of the rule.
Although Intellution customers are not responsible for control over the content of system
operation and maintenance manuals, they should be responsible for establishing and
maintaining controls over the distribution of, access to, and use of that documentation as
required by Part 11.
Customers must verify the identity of the individual before assigning an electronic signature
or User ID and Password to him/her. Customers are also responsible for certifying in writing
(in paper form) to FDA that they intend to use electronic signatures as the legally binding
equivalent of handwritten signatures and, if necessary, submit additional certification of that
intention to the agency.


13
4) Miscellaneous

Customers must take great care to create functionality and procedures to archive audit trail
files on a regular basis. Customers should either automate the archiving process by using
FIX command scripts or establish a procedure for periodic manual archiving of these files.
Once archived, customers should also take great care to establish an appropriate security
and file based restriction to prevent modification or deletion of this data.
Customers should establish policies and procedures to ensure that audit trail files are
retained for an appropriate duration of time.
To further comply on validity of sources of data, it is recommended that customers consider
employing third-party version control software to maintain recipes, pictures, databases and
I/O configurations. The version control software should be accompanied by a set of
procedures and policies on conventions and use.
Microsofts Visual SourceSafe is one application that can be used for version control.

iBatch 4.5 and iWorkInstruction 1.0

Two options are available for user interfacing. The dedicated iBatch client does not have any
provision for electronically signing operator entries. It is recommended that customers implement the
iBatch user interface in iFIX for applications that include electronic signatures. All recommendations
for iFIX implementations also apply to iBatch user interfaces implemented in iFIX.

1) Security

a. iBatch 4.5

iBatch shares a common security system with iFIX. Security for iBatch should be activated,
and users should be assigned rights to iBatch applications in the iFIX security configuration
application.
All recommendations for implementing iFIX security should be followed.

b. iWorkInstruction 1.0

iWorkInstruction uses Microsoft Windows NT/Windows 2000 security directly.
iWorkInstruction utilizes NT/Windows 2000 Security Groups to uniquely identify individuals.
Individual NT/Windows 2000 uses must have unique Full User Names. NT/Windows 2000
does not enforce this constraint and it is up to the Domain administrator to enforce this
behavior. The iWorkInstruction software will prevent authorization of an action when two
signatures are required and the Full User Names are not unique.
Domain administrators should implement account policies on password aging, minimum
password length, password uniqueness, and account lockout after a reasonable number of
unsuccessful login attempts.

14
2) Electronic Records/Electronic Signatures

a. iBatch 4.5

iBatch ActiveX controls do not store electronic signatures, so all operator commands to the
Batch Server should use scripting implementing the iBatch v4.5 extensions to BIS that add
electronic signature fields to BIS methods.
iBatch shares a common alarm messaging system with iFIX. All recommendations for
implementing iFIX security should be followed.
iBatch text files are not secured, so all iBatch records should be archived directly into a
relational database through the publisher/archiver mechanism that is secure.

b. iWorkInstruction 1.0

All records created by iWorkInstruction comply fully with 21 CFR Part 11. For batch
applications requiring workflow capabilities, iWorkInstruction should be used for all operator
interfacing and data entry during batch execution.
iWorkInstruction requires that all iBatch publishing be enabled, and that all records should be
archived directly into a relational database through the publisher/archiver mechanism that is
secure.

3) Validation and Documentation

a. iBatch 4.5

All recommendations for iFIX should be followed.
iBatch recipes should be stored as files and managed by third party document control
software, such as Microsoft Visual SourceSafe.

b. iWorkInstruction 1.0

The iWorkInstruction software interfaces directly with Microsoft Visual SourceSafe to provide
complete document manage capabilities.
All Electronic Work Instruction documents are stored in and retrieved from Microsoft Visual
SourceSafe, both in development and runtime.

4) Miscellaneous (iBatch 4.5 Only)

All recommendations for iFIX should be followed.
Recipes and batch records maintained in a relational database must be protected by system
security and data isolation. Customers should establish policies and procedures to ensure
that records are retained for an appropriate duration of time.
To further comply on validity of sources of data, it is recommended that customers consider
employing third-party version control software to maintain recipes and the equipment model.
The version control software should be accompanied by a set of procedures and policies on
conventions and use.




15
About Intellution, Inc.
Intellution is the world leader in developing and marketing high-performance industrial automation
software solutions. The worlds top manufacturers, including three out of four Fortune 100 companies,
rely on Intellution software to increase their advantage in todays fiercely competitive global
marketplace. In more than 130,000 installations worldwide, the Intellution Dynamics family of
component solutions enables manufacturers to achieve an integrated eManufacturing enterprise by
seamlessly connecting plant floor operations with upper level business systems, business partners,
and their supply chain. For more information on Intellution, visit www.intellution.com or call 800-526-
3486 or 508-698-3322.


About Stelex, Inc.
Stelex is a consulting firm that has provided quality solutions to FDA-regulated and mission-critical
pharmaceutical, medical device and diagnostic sector companies for more than 15 years. Stelex
commands a thorough understanding of federal regulations and industry-accepted software
development standards. Stelex assists corporations with System Development, Validation Services,
e-Enterprise Solutions, Quality Auditing Services, and Training. Stelex's ComplianceBuilder, The
Turnkey Part 11 Solution, was created exclusively to bring existing or legacy data collection systems
into compliance with the FDA's 21 CFR 11. It has full audit trail capabilities, captures electronic
signatures, provides robust security and, in conjunction with quality documentation, ensures full
compliance with the regulation. Learn more about Stelex at www.stelex.com, or call 215-638-9700.

2001 Intellution

, Inc. ALL RIGHTS RESERVED. Intellution, FIX, FIX Stats, Intelligent Solutions,
Intellution's Stylized i, PlantTV, Plug and Solve, The FIX and Visual Batch are registered trademarks
of Intellution, Inc. FIX Dynamics, FIX HMI, Intellution Dynamics, iBatch, iClient, iCore, iDownTime,
iFIX, iHistorian, iLogic, iVisualize, iWebCast, iWebServer, iWorkInstruction, VisiconX, The Intelligent
Solution, powered by iCore, Secure Containment, and the Designed For Logo are trademarks of
Intellution, Inc. iGlobalCare is a service mark of Intellution, Inc. All other brands or names are
property of their respective holders. 02.01 Part Number 4133.

Stelex and the Stelex logo are registered trademarks of Stelex Inc.

1










Revision Number: 2 Revision Date: August 6, 2001

Meeting the Requirements of the FDAs 21 CFR Part 11 Regulation

Part II: Checklist for Intellutions iFIX v2.21, iBatch v4.1 and FIX v7.0 Automation Software Products

The following table defines key, specific sections of the 21 CFR Part 11 Rule and the FDA requirements to satisfy that
rule, and provides an explanation of how Intellutions software products fulfill each of those requirements.

Section # Requirement iFIX/iBatch
B/11.10 Controls for closed systems.
Persons who use closed systems to create,
modify, maintain, or transmit electronic
records shall employ procedures and
controls designed to ensure the
authenticity, integrity, and, when
appropriate, the confidentiality of electronic
records, and to ensure that the signer
cannot readily repudiate the signed record
as not genuine. Such procedures and
controls shall include the following:
Intellution customers are responsible for developing
procedures to support the use of the applications in
a regulated environment.
(a) Validation of systems to ensure
accuracy, reliability, consistent intended
performance, and the ability to discern
invalid or altered records.
Intellution customers must validate the applications.
Customers may develop and/or execute the
validation plans and protocols themselves or
outsource these activities. The validation should
follow an established system life cycle (SLC)
methodology.
(b) The ability to generate accurate and
complete copies of records in both human
readable and electronic form suitable for
inspection, review, and copying by the
agency. Persons should contact the agency
if there are any questions regarding the
ability of the agency to perform such review
and copying of the electronic records.
Records are maintained in a relational database
and protected via system security and data
isolation. Customers should establish policies and
procedures to ensure that records are retained for
an appropriate duration of time.
(c) Protection of records to enable their
accurate and ready retrieval throughout
the records retention period.

Records are maintained in a relational database
and protected via system security and data
isolation. Customers should establish policies and
procedures to ensure that records are retained for
an appropriate duration of time.
(d) Limiting system access to authorized
individuals.
To limit system access, iFIX/iBatch should be
configured to use Windows NT/2000 security.
NT/2000 account policies should implement
password aging, minimum password length,
password uniqueness, and account lockout after a
reasonable number of unsuccessful login attempts.
Internal iFIX security should be used to limit user
access to authorized security areas and
applications. Each node should be configured to
use the iFIX User Login Timeout to limit the
continuous length of time an operator can remain
logged into the system.


3

Section # Requirement iFIX/iBatch
(e) Use of secure, computer-generated,
time-stamped audit trails to independently
record the date and time of operator entries
and actions that create, modify, or delete
electronic records. Record changes shall
not obscure previously recorded
information. Such audit trail
documentation shall be retained for a
period at least as long as that required for
the subject electronic records and shall be
available for agency review and copying
All audit trail records include date and time stamp,
node of origination, and operator name. Customers
should implement a Microsoft Windows or 3rd party
clock synchronization utility to ensure that all date
and time stamps are accurately recorded in the
audit trail.

(f) Use of operational system checks to
enforce permitted sequencing of steps and
events, as appropriate.
iFIX/iBatch includes functionality for developing
sophisticated recipes containing detailed steps and
events. All download of parameters from this
application is logged via the Alarm ODBC service.
Customers can build systems that implement a
combination of recipes, PLC logic, and NT/2000
security that support the use of operational checks.
(g) Use of authority checks to ensure that
only authorized individuals can use the
system, electronically sign a record, access
the operation or computer system input or
output device, alter a record, or perform the
operation at hand.
iFIX/iBatch should be configured to use Windows
NT/2000 security. NT/2000 account policies should
implement password aging, minimum password
length, password uniqueness, and account lockout
after a reasonable number of unsuccessful login
attempts.
Internal iFIX security should be used to limit user
access to authorized security areas and
applications. Each node should be configured to use
the iFIX User Login Timeout to limit the continuous
length of time an operator can remain logged into
the system.
(h) Use of device (e.g., terminal) checks to
determine, as appropriate, the validity of the
source of data input or operational
instruction.
To ensure the validity of the source of data input
customers should distribute iFIX/iBatch run-time
functionality in a manner that is appropriate to each
workstations location. iFIX client/server architecture
restricts data storage to the server computer,
ensuring that the audit trail is generated from a
single location.
(i) Determination that persons who develop,
maintain, or use electronic record/electronic
signature systems have the education,
training, and experience to perform their
assigned tasks.
Intellution customers are responsible for ensuring
that all persons involved with regulated system have
the necessary levels of education, training, and
experience to perform their assigned tasks.
(j) The establishment of, and adherence to,
written policies that hold individuals
accountable and responsible for actions
initiated under their electronic signatures, in
order to deter record and signature
falsification.

Intellution customers are responsible for developing
policies and procedures to support the use of the
applications in a regulated environment.


4

Section # Requirement iFIX/iBatch
(k) Use of appropriate controls over systems
documentation including:

(1) Adequate controls over the distribution of,
access to, and use of documentation for
system operation and maintenance.
Intellution provides system operation and
maintenance manuals for all the audited
applications to its customers upon purchase. The
manuals are on CD-ROM in read-only format and
cannot be modified by the customer.
Although Intellution customers are not responsible
for control over the content of system operation and
maintenance manuals, they should establish and
maintain controls over the distribution of, access to,
and use of that documentation.
(2) Revision and change control procedures
to maintain an audit trail that documents
time-sequenced development and
modification of systems documentation.
Revisions made to the manuals by Intellution staff
follow a documented change control procedure;
revisions are entered into Microsofts Visual
SourceSafe.
B/11.30 Controls for open systems
Persons who use open systems to create,
modify, maintain, or transmit electronic
records shall employ procedures and
controls designed to ensure the
authenticity, integrity, and, as appropriate,
the confidentiality of electronic records from
the point of their creation to the point of their
receipt. Such procedures and controls shall
include those identified in 11.10, as
appropriate, and additional measures such
as document encryption and use of
appropriate digital signature standards to
ensure, as necessary under the
circumstances, record authenticity, integrity,
and confidentiality.
Intellution customers are responsible for developing
procedures to support the use of the applications in
a regulated environment.
B/11.50 Signature manifestations
(a) Signed electronic records shall contain
information associated with the signing that
clearly indicates all of the following:

(1)

The printed name of the signer All audit trail records include date and time stamp,
node of origination, and operator name.
(2)

The date and time when the signature was
executed;
All audit trail records include date and time stamp,
node of origination, and operator name.
(3)

The meaning (such as review, approval,
responsibility, or authorship) associated
with the signature.
All audit trail records include a tag name and
message type fields that can be used to ascertain
the meaning of the activity. For example, an
operator message is interpreted as an operator
action, while an alarm record results from an
operator acknowledgement.


5

Section # Requirement iFIX/iBatch
(b)

The items identified in paragraphs (a)(1),
(a)(2), and (a)(3) of this section shall be
subject to the same controls as for
electronic records and shall be included
as part of any human readable form of the
electronic record (such as electronic display
or printout).
Records will be maintained in a relational database
and may be retrieved using VisiconX or a variety
of other 3
rd
party data retrieval tools.
B/11.70 Signature/record linking


Electronic signatures and hand-written
signatures executed to electronic records
shall be linked to their respective
electronic records to ensure that the
signatures cannot be excised, copied, or
otherwise transferred to falsify an electronic
record by ordinary means.
Each audit trail record includes the name of the
operator linked to the specific activity. Intellution
customers should also establish policies and
procedures to prevent unauthorized access to the
relational database containing the audit trail file.
C/11.100 General requirements
(a) Each electronic signature shall be unique
to one individual and shall not be reused by,
or reassigned to, anyone else.
Windows NT/2000 security does not permit the
creation of duplicate User IDs. Intellution customers
using the applications in FDA-regulated
environments must be responsible for ensuring that
electronic signatures are unique to one individual
and not reused by or reassigned to any other
individual.
(b) Before an organization establishes,
assigns, certifies, or otherwise sanctions
an individuals electronic signature, or
any element of such electronic signature,
the organization shall verify the identity of
the individual.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
verifying the identities of individuals using electronic
signatures.
(c) Persons using electronic signatures shall,
prior to or at the time of such use, certify
to the agency that the electronic signatures
in their system, used on or after August 20,
1997, are intended to be the legally binding
equivalent of traditional handwritten
signatures.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
certifying to the agency that the electronic
signatures in their system are intended to be the
legally binding equivalent of traditional handwritten
signatures.
(1) The certification shall be submitted in
paper form and signed with a traditional
handwritten signature, to the Office of
Regional Operations (HFC100), 5600
Fishers Lane, Rockville, MD 20857.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
certifying to the agency that the electronic
signatures in their system are intended to be the
legally binding equivalent of traditional handwritten
signatures.
(2) Persons using electronic signatures shall,
upon agency request, provide additional
certification or testimony that a specific
electronic signature is the legally binding
equivalent of the signers handwritten
signature.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
certifying to the agency that the electronic
signatures in their system are intended to be the
legally binding equivalent of traditional handwritten
signatures.


6

Section # Requirement iFIX/iBatch
C/11.200 Electronic signature components and
controls

(a) Electronic signatures that are not based
upon biometrics shall:

(1) Employ at least two distinct identification
components such as an identification code
and password.
iFIX/iBatch should be configured to use Windows
NT/2000 security, which employs a User ID and
password combination to identify a user.
(i) When an individual executes a series of
signings during a single, continuous
period of controlled system access, the first
signing shall be executed using all
electronic signature components;
subsequent signings shall be executed
using at least one electronic signature
component that is only executable by, and
designed to be used only by, the individual.
To indicate the start of a continuous period of
controlled system access, the user must use two
distinct identification components to log into iFIX.
Subsequent signatures during this period will be
recorded using only the User ID component of the
signature.
The iFIX User Login Timeout period should be
configured to limit the extent of a continuous period
of controlled system access. Customers should
also implement policies and procedures requiring
users to log out of the application during periods of
non-use.
(ii) When an individual executes one or more
signings not performed during a single,
continuous period of controlled system
access, each signing shall be executed
using all of the electronic signature
components.
The iFIX User Login Timeout period should be
configured to limit the extent of a continuous period
of controlled system access. Customers should
also implement policies and procedures requiring
users to log out of the application during periods of
non-use.
(2) Be used only by their genuine owners Intellution customers using the applications in FDA-
regulated environments must be responsible for
ensuring that non-biometric electronic signatures
are used only by their genuine owners.
(3) Be administered and executed to ensure
that attempted use of an individuals
electronic signature by anyone other
than its genuine owner requires
collaboration of two or more individuals.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
ensuring that attempted use of an individuals
electronic signature by anyone other than its
genuine owner requires collaboration of two or
more individuals. For example, user organizations
may require that system administrators enable the
Windows NT security function User Must Change
Password at Next Logon in order to prevent the
system administrators from knowing both the users
User ID and password.
(b) Electronic signatures based upon
biometrics shall be designed to ensure that
they cannot be used by anyone other than
their genuine owners.
Biometric devices are readily available from 3
rd
party
vendors. However, Intellution customers using the
applications in FDA-regulated environments, or any
organization that may develop biometric devices for
interfacing with the audited applications, must be
responsible for ensuring that electronic signatures
based upon biometrics are designed to ensure that
they cannot be used by anyone other than their
genuine owners.


7

Section # Requirement iFIX/iBatch
C/11.300 Controls for identification
codes/passwords

Persons who use electronic signatures
based upon use of identification codes in
combination with passwords shall employ
controls to ensure their security and
integrity. Such controls shall include:

(a) Maintaining the uniqueness of each
combined identification code and
password, such that no two individuals
have the same combination of identification
code and password.
iFIX/iBatch should be configured to use Windows
NT/2000 security, which maintains the uniqueness
of each User ID and password combination.
(b) Ensuring that identification code and
password issuances are periodically
checked, recalled, or revised (e.g., to cover
such events as password aging).
IFIX/iBatch should be configured to use Windows
NT/2000 security, which contains functionality for
password aging and uniqueness.
(c) Following loss management procedures
to electronically de-authorize lost, stolen,
missing, or otherwise potentially
compromised tokens, cards, and other
devices that bear or generate identification
code or password information, and to issue
temporary or permanent replacements
using suitable, rigorous controls.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
employing controls to ensure the security and
integrity of identification codes and passwords.
(d) Use of transaction safeguards to prevent
unauthorized use of passwords and/or
identification codes, and to detect and
report in an immediate and urgent manner
any attempts at their unauthorized use to
the system security unit, and, as
appropriate, to organizational management.
The iFIX Login program generates an alarm after
three unsuccessful login attempts and records the
login attempt to the audit trail.
(e) Initial and periodic testing of devices,
such as tokens or cards, that bear or
generate identification code or password
information to ensure that they function
properly and have not been altered in an
unauthorized manner.
Intellution customers using the applications in FDA-
regulated environments, or any organization that
may develop devices that bear or generate
identification code or password information to
interface with the audited applications, must be
responsible for ensuring that devices that bear or
generate identification code or password information
be tested to ensure that they function properly and
have not been altered in an unauthorized manner.


8
21 CFR 11 Checklist for FIX

Section # Requirement FIX
B/11.10 Controls for closed systems.
Persons who use closed systems to create,
modify, maintain, or transmit electronic records
shall employ procedures and controls
designed to ensure the authenticity, integrity,
and, when appropriate, the confidentiality of
electronic records, and to ensure that the
signer cannot readily repudiate the signed
record as not genuine. Such procedures and
controls shall include the following:
Intellution customers are responsible for developing
procedures to support the use of the applications in
a regulated environment.
(a) Validation of systems to ensure accuracy,
reliability, consistent intended performance, and
the ability to discern invalid or altered records.
Intellution customers must validate the applications.
Customers may develop and/or execute the
validation plans and protocols themselves or
outsource these activities. The validation should
follow an established system life cycle (SLC)
methodology.
(b)
The ability to generate accurate and complete
copies of records in both human readable and
electronic form suitable for inspection, review,
and copying by the agency. Persons should
contact the agency if there are any questions
regarding the ability of the agency to perform
such review and copying of the electronic
records.
Records are maintained in human-readable files
and copies may be generated using any
commercially available editor program, including
Microsofts Notepad or Word.
(c)
Protection of records to enable their accurate
and ready retrieval throughout the records
retention period.
Customers should establish policies and procedures
to ensure that records are retained for an
appropriate duration of time.
(d) Limiting system access to authorized
individuals.
To limit system access, FIX applications should be
installed on Windows NT/2000 operating system
and FIX security system should be configured to
use Windows NT/2000 security. NT/2000 account
policies should implement password aging,
minimum password length, password uniqueness,
and account lockout after a reasonable number of
unsuccessful login attempts.
Internal FIX security should be used to limit user
access to authorized security areas and
applications. Each operator should be configured to
use the FIX User Login Timeout to limit the
continuous length of time an operator can remain
logged into the system.


9

Section # Requirement FIX
(e) Use of secure, computer-generated, time-
stamped audit trails to independently record
the date and time of operator entries and
actions that create, modify, or delete electronic
records. Record changes shall not obscure
previously recorded information. Such audit
trail documentation shall be retained for a
period at least as long as that required for the
subject electronic records and shall be available
for agency review and copying.
The Alarm File Service, allowing the storage of
alarm and messages data files, should be activated
and configured to log alarms and operator
messages. Customers should implement a script or
procedures to archive these files (.alm) in secure
location, and any alteration to these files should be
prevented through the use of operating system
security. Customers should also configure the
number of days before the automatic deletion of
alarm files to allow for sufficient time to archive the
audit trail files.
Customers must implement the Environment
Protection and Security Configuration features to
restrict unauthorized access to the audit trail files.
All audit trail records include date and time stamp,
node of origination, and operator User ID.
Customers should implement a Microsoft Windows
or 3
rd
party clock synchronization utility to ensure
that all date and time stamps are accurately
recorded in the audit trail.
(f) Use of operational system checks to enforce
permitted sequencing of steps and events, as
appropriate.
FIX includes functionality for developing
sophisticated recipes containing detailed steps and
events. All download of parameters from this
application is logged via the alarm file
service.Customers can build systems that
implement a combination of recipes, PLC logic, and
NT/2000 security that support the use of operational
checks.
(g) Use of authority checks to ensure that only
authorized individuals can use the system,
electronically sign a record, access the
operation or computer system input or output
device, alter a record, or perform the operation
at hand.
FIX should be configured to use Windows NT/2000
security. NT/2000 account policies should
implement password aging, minimum password
length, password uniqueness, and account lockout
after a reasonable number of unsuccessful login
attempts.
Internal FIX security should be used to limit user
access to authorized security areas and
applications. Each node should be configured to use
the FIX User Login Timeout to limit the continuous
length of time an operator can remain logged into
the system.
(h) Use of device (e.g., terminal) checks to
determine, as appropriate, the validity of the
source of data input or operational instruction.
To ensure the validity of the source of data input,
customers should distribute FIX run-time
functionality in a manner that is appropriate to each
workstations location. FIX client/server architecture
restricts data storage to the server computer,
ensuring that the audit trail is generated from a
single location.
(i) Determination that persons who develop,
maintain, or use electronic record/electronic
signature systems have the education,
training, and experience to perform their
assigned tasks.
Intellution customers are responsible for ensuring
that all persons involved with regulated system have
the necessary levels of education, training, and
experience to perform their assigned tasks.


10

Section # Requirement FIX
(j) The establishment of, and adherence to,
written policies that hold individuals
accountable and responsible for actions initiated
under their electronic signatures, in order to
deter record and signature falsification.
Intellution customers are responsible for developing
policies and procedures to support the use of the
applications in a regulated environment.
(k) Use of appropriate controls over systems
documentation including:

(1) Adequate controls over the distribution of,
access to, and use of documentation for
system operation and maintenance.
Intellution provides system operation and
maintenance manuals for all the audited
applications to its customers upon purchase. The
manuals are on CD-ROM in read-only format and
cannot be modified by the customer.
Although Intellution customers are not responsible
for control over the content of system operation and
maintenance manuals, they should establish and
maintain controls over the distribution of, access to,
and use of that documentation.
(2) Revision and change control procedures to
maintain an audit trail that documents time-
sequenced development and modification of
systems documentation.
Revisions made to the manuals by Intellution staff
follow a documented change control procedure;
revisions are entered into Microsofts Visual
SourceSafe.
B/11.30 Controls for open systems


Persons who use open systems to create,
modify, maintain, or transmit electronic records
shall employ procedures and controls
designed to ensure the authenticity, integrity,
and, as appropriate, the confidentiality of
electronic records from the point of their
creation to the point of their receipt. Such
procedures and controls shall include those
identified in 11.10, as appropriate, and
additional measures such as document
encryption and use of appropriate digital
signature standards to ensure, as necessary
under the circumstances, record authenticity,
integrity, and confidentiality.
Intellution customers are responsible for developing
procedures to support the use of the applications in
a regulated environment.
B/11.50 Signature manifestations
(a) Signed electronic records shall contain
information associated with the signing that
clearly indicates all of the following:

(1)

The printed name of the signer All audit trail records include date and time stamp,
node of origination, and operator name.
(2)

The date and time when the signature was
executed;
All audit trail records include date and time stamp,
node of origination, and operator name.


11

Section # Requirement FIX
(3)

The meaning (such as review, approval,
responsibility, or authorship) associated with the
signature.
The meaning associated with each signature can be
ascertained from data recorded for each audit trail
record.
(b)

The items identified in paragraphs (a)(1), (a)(2),
and (a)(3) of this section shall be subject to the
same controls as for electronic records and
shall be included as part of any human readable
form of the electronic record (such as electronic
display or printout).
Records are maintained in secure human-readable
files, and copies may be generated using any
commercially available editor program, including
Microsofts Notepad or Word.
B/11.70 Signature/record linking


Electronic signatures and hand-written
signatures executed to electronic records shall
be linked to their respective electronic
records to ensure that the signatures cannot be
excised, copied, or otherwise transferred to
falsify an electronic record by ordinary means.
Each audit trail record includes the User ID of the
operator linked to the specific activity. Customers
should implement the Environment Protection and
Security Configuration features to restrict
unauthorized access to the audit trail files.
C/11.100 General requirements
(a) Each electronic signature shall be unique to
one individual and shall not be reused by, or
reassigned to, anyone else.
Windows NT/2000 security does not permit the
creation of duplicate User IDs. Intellution customers
using the applications in FDA-regulated
environments must be responsible for ensuring that
electronic signatures are unique to one individual
and not reused by or reassigned to any other
individual.
(b) Before an organization establishes, assigns,
certifies, or otherwise sanctions an
individuals electronic signature, or any
element of such electronic signature, the
organization shall verify the identity of the
individual.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
verifying the identities of individuals using electronic
signatures.
(c) Persons using electronic signatures shall, prior
to or at the time of such use, certify to the
agency that the electronic signatures in their
system, used on or after August 20, 1997, are
intended to be the legally binding equivalent of
traditional handwritten signatures.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
certifying to the agency that the electronic
signatures in their system are intended to be the
legally binding equivalent of traditional handwritten
signatures.
(1) The certification shall be submitted in paper
form and signed with a traditional handwritten
signature, to the Office of Regional Operations
(HFC100), 5600 Fishers Lane, Rockville, MD
20857.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
certifying to the agency that the electronic
signatures in their system are intended to be the
legally binding equivalent of traditional handwritten
signatures.


12

Section # Requirement FIX
(2) Persons using electronic signatures shall, upon
agency request, provide additional
certification or testimony that a specific
electronic signature is the legally binding
equivalent of the signers handwritten signature.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
certifying to the agency that the electronic
signatures in their system are intended to be the
legally binding equivalent of traditional handwritten
signatures.
C/11.200 Electronic signature components and
controls

(a) Electronic signatures that are not based upon
biometrics shall:

(1) Employ at least two distinct identification
components such as an identification code and
password.
FIX should be configured to use Windows NT/2000
security, which employs a User ID and password
combination to identify a user.
(i) When an individual executes a series of
signings during a single, continuous period
of controlled system access, the first signing
shall be executed using all electronic signature
components; subsequent signings shall be
executed using at least one electronic signature
component that is only executable by, and
designed to be used only by, the individual.
To indicate the start of a continuous period of
controlled system access, the user must use two
distinct identification components to log into FIX.
Subsequent signatures during this period will be
recorded using only the User ID component of the
signature.
The FIX User Login Timeout period should be
configured to limit the extent of a continuous period
of controlled system access. Customers should also
implement policies and procedures requiring users
to log out of the application during periods of non-
use.
(ii) When an individual executes one or more
signings not performed during a single,
continuous period of controlled system
access, each signing shall be executed using all
of the electronic signature components.
The FIX User Login Timeout period should be
configured to limit the extent of a continuous period
of controlled system access. Customers should also
implement policies and procedures requiring users
to log out of the application during periods of non-
use.
(2) Electronic signatures that are not based upon
biometrics shall: be used only by their
genuine owners
Intellution customers using the applications in FDA-
regulated environments must be responsible for
ensuring that non-biometric electronic signatures
are used only by their genuine owners.
(3) Be administered and executed to ensure that
attempted use of an individuals electronic
signature by anyone other than its genuine
owner requires collaboration of two or more
individuals.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
ensuring that attempted use of an individuals
electronic signature by anyone other than its
genuine owner requires collaboration of two or more
individuals. For example, user organizations may
require that system administrators enable the
Windows NT security function User Must Change
Password at Next Logon in order to prevent the
system administrators from knowing both the users
User ID and password.


13

Section # Requirement FIX
(b) Electronic signatures based upon biometrics
shall be designed to ensure that they cannot be
used by anyone other than their genuine
owners.
Biometric devices are readily available from 3
rd
party
vendors. However, Intellution customers using the
applications in FDA-regulated environments, or any
organization that may develop biometric devices for
interfacing with the audited applications, must be
responsible for ensuring that electronic signatures
based upon biometrics are designed to ensure that
they cannot be used by anyone other than their
genuine owners.
C/11.300 Controls for identification codes/passwords
(a) Maintaining the uniqueness of each
combined identification code and password,
such that no two individuals have the same
combination of identification code and
password.
FIX should be configured to use Windows NT/2000
security, which maintains the uniqueness of each
User ID and password combination.
(b) Ensuring that identification code and
password issuances are periodically checked,
recalled, or revised (e.g., to cover such events
as password aging).
FIX should be configured to use Windows NT/2000
security, which contains functionality for password
aging and uniqueness.
(c) Following loss management procedures to
electronically de-authorize lost, stolen, missing,
or otherwise potentially compromised tokens,
cards, and other devices that bear or generate
identification code or password information, and
to issue temporary or permanent replacements
using suitable, rigorous controls.
Intellution customers using the applications in FDA-
regulated environments must be responsible for
employing controls to ensure the security and
integrity of identification codes and passwords.
(d) Use of transaction safeguards to prevent
unauthorized use of passwords and/or
identification codes, and to detect and report in
an immediate and urgent manner any attempts
at their unauthorized use to the system security
unit, and, as appropriate, to organizational
management.
For each unsuccessful attempt, FIX Login generates
an alarm. After the third unsuccessful attempt, Login
exits.
(e) Initial and periodic testing of devices, such
as tokens or cards, that bear or generate
identification code or password information to
ensure that they function properly and have not
been altered in an unauthorized manner.
Intellution customers using the applications in FDA-
regulated environments, or any organization that
may develop devices that bear or generate
identification code or password information to
interface with the audited applications, must be
responsible for ensuring that devices that bear or
generate identification code or password information
be tested to ensure that they function properly and
have not been altered in an unauthorized manner.


14
About Intellution, Inc.
Intellution is the world leader in developing and marketing high-performance industrial automation software solutions.
The worlds top manufacturers, including three out of four Fortune 100 companies, rely on Intellution software to
increase their advantage in todays fiercely competitive global marketplace. In more than 130,000 installations
worldwide, the Intellution Dynamics family of component solutions enables manufacturers to achieve an integrated
eManufacturing enterprise by seamlessly connecting plant floor operations with upper level business systems,
business partners, and their supply chain. For more information on Intellution, visit www.intellution.com or call 800-
526-3486 or 508-698-3322.



About Stelex, Inc.
Stelex is a consulting firm that has provided quality solutions to FDA-regulated and mission-critical pharmaceutical,
medical device and diagnostic sector companies for more than 15 years. Stelex commands a thorough understanding
of federal regulations and industry-accepted software development standards. Stelex assists corporations with
System Development, Validation Services, e-Enterprise Solutions, Quality Auditing Services, and Training. Stelex's
ComplianceBuilder, The Turnkey Part 11 Solution, was created exclusively to bring existing or legacy data collection
systems into compliance with the FDA's 21 CFR 11. It has full audit trail capabilities, captures electronic signatures,
provides robust security and, in conjunction with quality documentation, ensures full compliance with the regulation.
Learn more about Stelex at www.stelex.com, or call 215-638-9700.

2001 Intellution

, Inc. ALL RIGHTS RESERVED. Intellution, FIX, FIX Stats, Intelligent Solutions, Intellution's Stylized
i, PlantTV, Plug and Solve, The FIX and Visual Batch are registered trademarks of Intellution, Inc. FIX Dynamics, FIX
HMI, Intellution Dynamics, iBatch, iClient, iCore, iDownTime, iFIX, iHistorian, iLogic, iVisualize, iWebCast,
iWebServer, iWorkInstruction, VisiconX, The Intelligent Solution, powered by iCore, Secure Containment, and the
Designed For Logo are trademarks of Intellution, Inc. iGlobalCare is a service mark of Intellution, Inc. All other brands
or names are property of their respective holders. 02.01 Part Number 4133.
Stelex and the Stelex logo are registered trademarks of Stelex Inc.