1. Home
  2. What Software is Needed?

What Software is Needed?

What software features are necessary to be 21 CFR Part 11 compliant?

Security

  • Define which individuals shall have access to the software - a current list shall always be available
  • Define what the user roles are for the software (i.e. administrator, data entry, approver, etc.) and what each role can do
  • Access to software shall require each user to have a unique username and password
  • A defined number of incorrect login attempts shall lock the user from the software
  • A defined time of inactivity shall lock the software for a given user

Audit Trails

An audit trail shall be implemented that allows a means to reconstruct data modification.

The audit trail shall include: the name of the user that made the entry, what was changed (not obscuring the original value), the date and time of change and the reason for change.

Electronic Signatures/Digital Signatures

If electronic signatures will be used, they must include the following:

  1. Name of signer
  2. Time and Date of signature
  3. Meaning of signature

Note: An electronic signature consists of two components: id code (username) and password.  This is different than the initial login to the software.

Reporting

Users must have the ability to obtain meaningful data from the software.

Software Workflow

The software shall be designed in such a way that a logical process workflow is incorporated (i.e. you are unable to approve until all required pieces are completed).

Record Protection

Data must be backed up on a regular basis

Standard Operating Procedures

  1. Standard Operating Procedures ensure the consistent use of the software
  2. Procedures should be developed on how the software will be used for a specific task
  3. Procedures shall also be developed for administrative functions of the software: how to add users, etc.
  4. Procedures should also be developed for activities that happen outside of the software in order to ensure the most accurate data

Training

Training should be documented to verify that only trained individuals are using the software.

Validation

A quality validation methodology shall be used to ensure the system (software, people, etc) is performing as intended.  It is important to understand that you are validating a SYSTEM and not just the software.

If you have any questions or concerns about your system, it is highly recommended that you contact the Office of Compliance Services or 310-794-6763 for assistance.