The following table shows parts of the 21 CFR Part 11 Compliance Report. A detailed report is available on request.

FDA Paragraph Questions / Requirements Comments Screen
11.3(9) Is the system used as “Closed system” according to the definition? LabImage is defined as a closed system. It is an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system. Physical access to computer and systems is limited to known people. n.a.
11.10(a) detail 1 Is the system validated? LabImage has been developed in compliance with the Kapelan Quality Management System. Kapelan grants full compliance with 21 CFR Part 11 requirements.

Kapelan supports validation of the application during projects upon request.

n.a.
11.10(a) detail 2 Is it possible to discern invalid or altered records? Yes. An entry can be generated in the audit trail for any opera­tor action. All relevant changes are logged, including the time stamp, user ID, new value and comments. Unauthorized changes are prevented by the access security function of the system. Archived records are stored in a database and protected with a security mecha­nism to detect any unauthorized changes.

Changes within the configuration of LabImage can be traced using LabImage installation record.

app_glp_audit_trail
11.10(d) Is system access limited to authorized individuals? Yes. LabImage provides an internal user account management using LabImage UADM. This user account management works independent on the operating system. Customers should ensure that only persons who have a legitimate reason to use the system should be granted access to the system.

As this requirement is virtually equivalent to 11.10(g), it is generally interpreted to refer to both physical access and logical access.

n.a.
11.10(h) If it is a requirement of the system that input data or instructions can only come from certain input devices, does the system check the validity of the source of any data or instructions received? The valid of input data from external devices such as gel documentation systems depends on secure interfaces. A predefined security interface protocol is delivered by LabImage but has to be implemented by the vendor of the input device. Once this is implemented a secure and unmodified data transfer image including capture meta data is guaranteed.

If the capture process is part of LabImage data will never leave the secure system.

n.a.
11.10(e) detail 1 Is there a secure, computer gener­ated, time stamped audit trail that records the date and time of operator entries and actions that create, mod­ify, or delete electronic records? Yes. The audit trail is secure within the system and cannot be changed by a user.

Changes can be traced back by the system itself and contain information with time stamp, user ID, new value and comment. Any parameter used in an earlier stage is documented in the audit trail.

n.a.
11.50

detail 2

Is the above information shown on displayed and printed copies of the electronic record? Yes.

The information mentioned above can be displayed and printed as a component of the electronic record.

n.a.
11.200 (a)(1)(i) Is the signature made up of at least two components, such as a user ID and password, or an ID card and pass­word? Yes.

LabImage Login identifies the person with two distinct components, e. g. user ID and password.

n.a.
11.300(b) detail 2 Do passwords periodically expire and need to be revised? Yes.

A password expires after a specified number of days and cannot be reused for a specified number of generations. Password aging has no effect on prior usage (records, signatures).

n.a.
11.10(g) Does the system ensure that only authorized individuals can use the system, electronically sign records, access the operation or computer system input or output device, alter a record, or perform other operations? Yes. The user ID and pass­word are being used. Central user management is used in this regard for managing users and user groups.

In addition, the customer should define how access is limited to authorized individuals (e.g. who has access to specific objects or functions within LabImage), including the special rights for administrators.

n.a.
11.300(d) detail 1 Is there a procedure for detecting at­tempts at unauthorized use and for informing security? Yes. The user account is blocked after a specified number of unauthorized attempts. In addition, the customer is responsible for providing ap­propriate organizational measures.

Access is disabled after a specified time of user inactivity.

n.a.
11.10(g) Does the system ensure that only authorized individuals can use the system, electronically sign records, access the operation or computer system input or output device, alter a record, or perform other operations? Yes. The user ID and pass­word are being used. Central user management is used in this regard for managing users and user groups.

In addition, the customer should define how access is limited to authorized individuals (e.g. who has access to specific objects or functions within LabImage), including the special rights for administrators.

n.a.

 

Request the detailed report to see if Kapelan’s software fits your QM regulations.