Electronic Signatures

Electronic Signatures

Controls for identification codes/password

Persons who use electronic signatures based upon the use of identification codes in combination with passwords shall employ controls to ensure their security and integrity.

Such controls shall include:

(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of an identification code and password.

(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised
(e.g., to cover such events as password aging).

(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise
potentially compromised tokens, cards, and other devices that bear or generate identification codes or
password information, and to issue temporary or permanent replacements using suitable, rigorous controls.

(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to
detect and report in an immediate and urgent manner any attempts at their unauthorized use of the system
security unit, and, as appropriate, to organizational management.

(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification codes or
password information to ensure that they function properly and have not been altered in an unauthorized
manner.

To understand fully the importance of computer validation, one must realize that computers can perform the
functions humans are used to. Instructions such as SOPs are needed to instruct humans as to what functions to perform and in what order. When computers are used, these instructions are programmed.

Computer systems are extensions of the processes that they are designed to control or monitor as a result, all computer-controlled manufacturing is subject to validation. With the exponential increase in PLC-based manufacturing systems, the FDA has begun to place strict requirements on computer validation.

A computer system consists of hardware, that is, physical and calibration devices, sensors, input/output devices, transducers, or equipment, and its companion software, which is used to generate records, instructions, or data.

Source codes and supporting software documentation used in the drug process control is considered to be part of the master production and control records under cGMP interpretation.

The computer systems may comprise

• Computer-integrated manufacturing
• Analytical instrumentation and automated laboratory practices
• Computer-controlled electronic signature systems
• Computer-integrated packaging operations
• Laboratory information-management systems
• Computer systems for good clinical practice
• Computer-assisted medical devices

The categories listed above require qualification and validation documentation. It is advisable that process automation and companion computer-integrated manufacturing operations not be initiated until sufficient prospective and concurrent validation studies have been completed.

The requirements for hardware validation are identical to those of any other equipment in use, comprising the
OQ/IQ/PQ cycle, except that in the PQ, it is the test of software used. The software validation comprises functional testing, in which defined inputs produce outputs that meet expectations or specifications; a thorough examination of source codes, database designs, programming standards, control methods, and support documentation; or a
quality-assurance program that includes alternate plans, contingency practices, record retrieval, and security practices