Electronic
Record & Electronic Signature
Basic
Concepts of Electronic Record & Electronic Signature in
Pharmaceutical
Industry
Handwritten Signature:
A
scripted name or legal mark created by an individual that is unique to that
individual and is used to authenticate something in writing.
Digital Signature: A type of electronic signature that includes a way
of verifying the identity of the signer, the validity of their signature, and
the integrity of the record they signed.
Electronic Record:
Information
in a digital form that is created or used in some way by a computer system.
Electronic Signature:
A set
of symbols that is as unique and legally binding as a handwritten signature,
but that is used to sign records in a computer system. Any time an electronic
record is signed, the following information must be visible and associated with
the signature:
•
Printed name of signer
• Date
and time of signature
• Meaning
of signature (e.g., content is accurate, format is correct, data calculations
were verified) Each person must have a unique electronic signature his/her
identity must be verified
Password:
For
electronic signatures that make use of identification codes (i.e., user IDs)
and passcodes/passwords, the following controls need to be in place:
No two
users can have the same combination of user ID and password – each combination
must be unique
-
Passwords must be checked, recalled, or changed
from time to time
-
Unauthorized attempts to access user IDs or
-
passwords/passcodes must be detected and reported
Open System: A computer
system where user access is NOT controlled by the same people responsible for
its contents.
Closed System: A
computer system whose user access is controlled by the same people responsible
for its contents.
Validation:
Validation
of systems to ensure accuracy, reliability, consistent intended performance,
and the ability to discern invalid or altered records.
Biometrics:
Biometrics are means
of identifying a person based on physical characteristics or repeatable
actions. Some examples of biometrics include identifying a user based on a
physical signature, fingerprints, etc.
Data Backup
Data Backup
is the process of ensuring that computer system data is routinely saved to a
secondary location.
FDA
uses the term backup in to refer to a true copy of the original data that is
maintained securely throughout the records retention period. The backup file
should contain the data (which includes associated metadata) and should be in
the original format or in a format compatible with the original format.
This
should not be confused with backup copies that may be created during normal
computer use and temporarily maintained for disaster recovery (case of a
computer crash or other interruption). Such temporary backup copies would not
satisfy the requirement in to maintain a backup file of data.
Data Recovery is the
process of restoring a file from this backup file location to general use.
Data Archiving the
the process of removing older or less utilized data from a computer system in
order to improve system performance.
Disaster Recovery is the process of recreating a computer system in the event of a
serious system failure.
Rendering Records:
How an
organization makes sure that all electronic records that an auditor might want
to see and/or copy can be provided in a language/format that humans (not just
computers) can understand
Document Storage & Record Retention:
How an
organization protects documentation and keeps it readily available for as long
as it’s required to be stored.
System Access:
How an organization ensures that only the
right people have access to each computer system.
Audit Trails:
How an
organization ensures that a complete history of an electronic record is automatically
captured by a computer system, retained in the system
for
the right amount of time, and viewable by humans.
Device Checks:
How an
organization verifies that equipment being used for regulated purposes is functioning
properly
Personnel Qualifications:
How an
organization makes sure only trained and qualified people perform functions on
or within the system
Document Control:
How an
organization controls documents related to system operation and maintenance and
preserves the complete history of changes made to these documents
Legacy system:
Legacy
system is an old method, technology, computer system, or application
program relating to previous or outdated computer system. This can also imply
that the system is out of date or in need of replacement.
Copies of Record;
You
should provide an investigator with reasonable and useful access to records
during an inspection.
We
recommend that you supply copies of electronic records by:
Producing
copies of records held in common portable formats when records are maintained
in these formats
Using
established automated conversion or export methods, where available, to make copies
in a more common format (examples of such formats include, but are not limited to,
PDF, XML, or SGML)
Generating
copies of records and any corresponding requirement
, Easy to understand.
ReplyDelete