Clinical Workbench is used for many applications where 21 CFR Part 11 is relevant. For example, Clinical Workbench is used by organizations:
For each of these applications, Clinical Workbench may be used for any combination of the following activities:
Clinical Workbench is compliant with the software requirements of 21 CFR Part 11 through at least two approaches:
"11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records."
BioPier provides validation services as part of its installation and qualification of the Clinical Workbench-based application.
"11.10(b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency."
Records include Clinical Workbench Documents such as Spreadsheets and Graphs, as well as image files, MS Word or Excel documents, PDF, text files, etc. Clinical Workbenchdocuments stored in the system can be can be accessed and viewed/printed from within the Clinical Workbench environment. Using the client application, all document types can be copied to the local machine and viewed/printed in their nativeapplications.
"11.10(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period. All records and their metadata, to include historical versions, can be readily retrieved."
The Clinical Workbench stores all versions of all files without automatically deleting or removing previous versions.
"11.10(d) Limiting system access to authorized individuals."
The system has multiple levels of security. Each user is assigned an account with a unique username and password, both of which are required to log on to the system. The user's identity and role are combined with the access control system attributes of one or more documents to determine whether access to a procedure on a document should be permitted or denied.
"11.10(e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall beretained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying."
Each action performed in the system including modifying, creating, and deleting documents are written automatically to audit trail tables in the system's database.
"11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand."
The Clinical Workbench uses a combination of a username and password to authorize an electronic signature.
The Clinical Workbench documentation is updated and distributed with each version of the software. Each set of documentation, including, User manuals and Administrator manuals, are uniquely identifiable as applying to its specific version.
An electronic signature is executed by the user through the user interface of the application, whereupon the user is required to enter her username and password. The electronic signature is stored in the database along with the name of the unique identifier of the document, the signer's full name, the date and time the signature was executed, and the meaning of the signature. When viewing or printing the record from within the system, a signature page is displayed / printed which will include all required items.
"11.70 Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means."
An electronic signature is stored within the system in a relational database that maintains a link between the record and the signature. From within the system it is impossible to remove, modify, or transfer an existing electronic signature. An electronic signature is linked to a specific version of a specific document. A handwritten signature applied to a paper document which is then transferred to an electronic format and placed in the system is under the same controls as any other document in the system including tracking of modifications and audit trail, and therefore the signature cannot be excised, copied, or transferred using ordinary means.
"11.100(a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else."
Each username/password combination is unique. User accounts can be disabled by an administrator but cannot be removed from the system, thus the system enforces that the signature cannot be reused or reassigned.
"11.200(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners."
The Clinical Workbench does not use biometric authentication techniques. Instead, a user of the system enters her username and password combination to authorize a signature.
"11.300 Controls for identification codes/passwords. Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: 11.300(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. "
The Clinical Workbench enforces the requirement that the each combination user id / password is unique.
"11.300(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging)."
The Clinical Workbench allows for passwords to expire after a set period of time. Conclusions Clinical Workbench provides integrated solutions for compliance to 21 CFR Part 11 requirements.
For more information about the details of an approach for your application, contact BioPier.