21 CFR Part 11 Compliance Features of all MCC Products

 

Paragraph

Product Function

Compliance

Subpart B Electronic Records

Sec. 11.10 Controls for closed systems

11.10

Elaborate security controls and audit trail to ensure the authenticity, integrity and confidentiality of electronic records.

 

        

11.10(a)

Systems have been developed and validated using FDA guidelines. Invalid data is rejected by the software.

 

        

11.10(b)

There is a variety of means to generate copies of records in human readable for suitable for inspection, review and copying. All system generated data files, reports and plots, as well as audit trail records, are read-only.

 

        

11.10(c)

Records are protected by restricting access to authorized users.

 

        

11.10(d)

All MCC systems have a multiple level of password control. Individual levels of authorized access include: User, Supervisor, Maintenance, and MCC Maintenance. 

 

        

11.10(e)

A comprehensive audit trail captures all significant user actions and system conditions, including actions that create, modify or delete data or user ID/passwords.  Audit trail records include date, time, user ID, printed name of the user, action, and reason for action. Audit trail files can be copied and printed out.

 

        

11.10(f)

Only permitted sequences of steps are allowed.

        

11.10(g)

All functions check access authority.

        

11.10(h)

The source of data is verified through electronic means.

        

11.10(i)

SOP

N/A

11.10(j)

SOP

N/A

11.10(k)

SOP

N/A

11.30

All MCC products are closed systems.

N/A

11.50

MCC systems do not use electronic signatures of the electronic records.

 

N/A

11.70

MCC systems do not use electronic signatures of the electronic records.

 

N/A

Subpart C Electronic Signatures

11.100

MCC systems do not use electronic signatures of the electronic records.

N/A

11.200

MCC systems do not use electronic signatures of the electronic records.

 

N/A

11.300 Controls for identification codes/passwords

11.300

All MCC systems have a multiple level of password control. Individual levels of authorized access include: User, Supervisor, Maintenance, and MCC Maintenance.

 

        

11.300(a)

System requires that each User ID and password combination is unique.

 

        

11.300(b)

90 days password aging. If password has expired, a user with proper authority is required to enter a new unique password.

 

11.300(c)

Supervisor and Maintenance level access has authority to disable user accounts and to reset passwords.

 

        

11.300(d)

3 or more invalid login attempts are recorded in audit trail.

11.300(e)

SOP

N/A