21 CFR Part 11 user guide for the Morphologi G3 software

This document provides details on the features provided for Morphologi instruments to aid technical compliance to 21 CFR Part 11.

Introduction

This document provides details on how to use the 21 CFR Part 11 features provided for the Morphologi instruments.

Assumptions

The intended readership is the system administrator. This is defined as the person responsible for the security and 21 CFR Part 11 compliance of the instrument. Some knowledge of the Windows™ operating system is assumed and some familiarity with the instrument software is also assumed.

It is assumed that the software has been installed in accordance with the guidance provided by the relevant Software Update Notification (located on the Application CD) and that the feature key, CPS0036, has been installed.

ER/ES Configuration

Selecting Tools→Settings→ER/ES Settings will bring up the dialogue shown in figure 1. If this menu item is grayed out, the 21 CFR Part 11 Feature Key will not have been installed.

PDF file output directory

The PDF file output directory is the location where reports generated at the end of a measurement SOP will be stored. It is recommended that these reports be held on a centralized file server in order to comply with the 21 CFR Part 11 regulations about data preservation (Figure 1).

Figure 1: Configure ER/ES Options Screen
mrk1058-02_fig01

Prohibition of Record Deletion

It is possible to control individual user's ability to delete records using the Group Permissions in the security configuration.

However, for strict compliance to 21 CFR Part 11, it is also possible to prevent record deletion for all users by checking the prohibition option on the Configure ER/ES settings screen (Figure 1)

Enabling continuous use check.

In order to ensure that the person operating the system is actually the person identified by the access control system, it is possible to configure the software to monitor the system usage. If the software remains idle for longer than a period specified, the user will be logged out. To enable this feature, check the option on the Configure ER/ES settings screen (Figure 1) and configure the Timeout period.

Specifying the Audit Trail file output directory

The Audit Trail file output directory is the location where the Audit Trail files will be stored (Figure 1). It is recommended that these reports be held on a centralized file server in order to comply with the 21 CFR Part 11 regulations relating to data preservation.

Specifying the Audit Trail file interval

It is possible to control the approximate size of an audit trail file by specifying how often a new file is created. The period depends upon the usage of the system and the typical number of auditable events that occur in a day. This can only be assessed by the user from experience of using the system. Typical practice is to start a new audit file weekly and observe the number of events audited over that period, and then adjust the audit period to suit system usage.

After the specified period has passed, the application will automatically begin a new audit trail file. The new file name will be automatically recorded at the tail end of the previous file in order to maintain a continuous audit trail.

Security Configuration

The configuration for the security system, Figure 2, can be found under the Security menu. The security system is similar to the Windows operating system security and should be familiar to most advanced users.

Figure 2: Security Configuration Screen
mrk1058-02_fig02

Warning

It is possible to configure the security system in such a way as to prevent any user from logging in to the system. To avoid this situation, make sure that you do the following:

1. Configure a group with permission to edit user settings.

2. Ensure that there are at least two users that are members of this group.

3. The first user should be the individual responsible for administering the security settings of the machine.

4. The second user should be a pseudo account. The user name and password for this account should be recorded and stored in a secure but well known place. This might be in a sealed envelope held in the company safe or with a trusted individual such as the head of the I.T. department. This will permit access to the security system should the other user become unavailable.

Enabling security

Security is disabled by default to allow free access to the software. The administrator of the system should configure the users and groups before enabling the security system.

Once the users and groups are configured, access and configure the security settings.

Finally check the Enable Security check box. For 21 CFR Part 11 enabled systems, it will not be possible to disable the security once enabled.

Adding Groups

A group defines a set of access rights that may be granted to member users. An access right allows or prohibits use of a specific feature of the software. The access rights are detailed in the Appendix.

Group Name

Is an alias for the group. This is usually a descriptive name for either a level of access or a job function. Commonly defined groups are Operators, Supervisors and Administrators, see Figure 3.

Figure 3: Group Properties Screen
mrk1058-02_fig03

Description

Contains a more detailed description of the group.

Members

The list of users who are members of the group. Each member has the access permissions that the group allows. Users can be added to a group either as part of the user creation process or the group creation process.

Permissions

The list of access permissions conferred by membership of a group. Any user who is a member of the group will be granted access to a software feature if the relevant permission is checked.

Adding Users

Once suitable groups have been defined, the next step is to add the users to the system, see Figure 4. It is possible to add a single user by clicking Users/New User in the Security Configuration Menu. Rapid addition of existing users to a new Group can be done by double clicking an empty line in the Members section of the Group Properties dialogue for that Group. This action will cause the whole list of existing users to be displayed and selected users can be highlighted as a group. Clicking "OK" will then add all the highlighted users to the new Group.

Figure 4 : Creating a new user
mrk1058-02_fig04

Username

Each user must have a unique user identifier and should be a member of at least one group. Any local SOP for security configuration should be followed but a typical practice is to use the initials and surname of a user as the user identifier.

Full Name

The full name is the printed name of the user. This is the full name of the individual and may be placed on reports to identify the individual who made a measurement.

Description

This is typically the user's job title or function.

Password

The password field is where you enter the password. For security reasons, the password is not displayed. It will also be noted that the number of symbols displayed may not necessarily map exactly to the password length.

A typical practice to preserve the security of user's passwords is for the administrator to agree a temporary password with the user, (this must not be the user's final password), and check the option to force the user to change this password at the next logon.

User must change password at next logon

If this field is checked, users will be asked to change their passwords the next time that they log on to the system. This allows the administrator to set temporary passwords for new users or users who have forgotten their passwords.

User cannot change password

If this box is checked, the user will not be able to change the password unless it is the first time that a user has logged in and the system expects the user to change the password at the next logon.

This box should only be checked in special circumstances such as for an administrator account to be used in emergencies.

Password never expires

Checking this box prevents the password expiry setting from applying to this user.

This box should only be checked in special circumstances such as for an administrator account to be used in emergencies.

Account disabled

Checking this box prevents the user from logging in to the system. This box should be checked when a user leaves the company or no longer is allowed access to the system. Under 21 CFR Part 11, user's information must be retained for the full period of record retention. This option allows access to be prevented without removing the user details from the system. Many companies will use this feature to suspend an account while the user is on vacation.

Account locked out

This box will be enabled and checked if a user has been denied access by the security system. The administrator is able to allow access again by clearing this check box.

This will typically happen when users forget their passwords and have made more than the allowed limit of logon attempts. It may also be an indication of an attempt to logon by an unauthorized user.

Adding users to groups

This can be done in two ways. In the edit user screen, pressing the Groups… button will list the groups available for the user to join. Pressing the Add button will include the user in the selected group or groups. (Figure 5)

Figure 5: Group Memberships screen
mrk1058-02_fig05

Where users are members of more than one group, it should be noted that if a permission is granted in one group, it will override any denial of the same permission in another group. In this way users have the sum of all the permissions in the groups they belong to. Administrators should be aware of this and be sure that they are familiar with the permissions which membership of each group confers on members.

It is also possible to add users to groups by pressing the Add button in the group properties screen. This will then list the users who are available to add to the group. The Remove button works in the reverse direction when members are to be removed from a group.

Security Settings

Security > Configure Security >Options > Security Settings will give access to the Security Settings screen. (Figure 6)

Figure 6: Security Settings Screen
mrk1058-02_fig06

Password Age

It is possible to force users to change their passwords after a period of up to 365 days has elapsed. Once the password has expired, users will be prompted to confirm their existing passwords and specify a new one. In conjunction with the password uniqueness option, this can force users to regularly review their passwords.

This facility should be used with caution. If users are too frequently forced to change their passwords, it is common for them to forget them or worse to write them down, thereby defeating the original purpose of the security system.

Password Uniqueness

Each time that a user enters a new password, it can be checked against a list of up to 32 previous passwords held in the software to ensure that fresh passwords are used.

It is recommended that if this feature is used, the size of the password history list should be limited to between 3 and 6 passwords. Any fewer and users will not have to review their passwords. More will force users to choose unfamiliar passwords and will increase the possibility of passwords being written down.

Password Size

It is possible to specify the minimum length for a password up to 32 characters. As a rule of thumb, the shorter a password is, the easier it is to guess. However, if it is too long, users will not be able to remember their passwords. 6 characters is generally a good compromise.

Account lockout

The software monitors each user's attempts to log in. If the user fails to enter the correct user identifier and password combination, the software will record this and can optionally deny future access to the software.

It is possible to specify the number of unsuccessful attempts allowed (up to 10) before users are locked out. This count will be reset after a specified period of time to allow for genuine users forgetting their passwords.

If users exceed the allowed number of attempts, the software can either lock them out of the system for the specified period or require the intervention of another user with Administrator privileges to unlock their accounts.

If the username in the security Configuration screen has an icon with a cross through it, that users access capability has been disabled.

If the username has an icon with a padlock next to it, that user is locked out and the administrator should establish the reason for this before unlocking the account to re-admit a bona-fide user.

Audit Trails

The application software records system events in the system audit trail. This is a record of the application starting and closing, security events such as logging in and out of the system, and file events such as creation and deletion of measurement records and SOPs (Figure 7).

Figure 7: Audit trail view
mrk1058-02_fig07

Use the File Open menu to view audit trail files other than the currently active one viewed by default. Using the File Export menu option it is possible to export the audit trail file contents to an ASCII file for review and printing.

Measurement Audit Trails

Measurements cannot be edited. If changes are made to a measurement, a new measurement record is created at the end of the file. In the application, each record contains Audit Information allowing the user to view audit information in the record view (Figure 8).

Figure 8: Measurement Audit Parameters
mrk1058-02_fig08

Instructions for configuring the workspace are available in the application's online help.

SOP Change History

The SOP files contain their own audit history in the form of file versions. Each time that an SOP is edited, a new version is created and the original values are preserved. By comparing the versions of the SOP file, it is possible to see what changes were made and by whom.

Pressing the Versions… button will display the version history of this SOP file (Figure 9).

Figure 9: SOP Versions screen
mrk1058-02_fig09

To see the changes made between two versions of the SOP, select the two required revisions and press the Diff button to display the Differences screen (Figure 10).

Figure 10: SOP Differences screen
mrk1058-02_fig10

The differences screen displays three columns; the parameter name for each parameter that has changed and the value of that parameter for each of the two versions. The fact that the SOP file has a new revision will also be recorded in the system audit file.

Electronic Signature Support

The application software does not directly support electronic signatures. The application will integrate with the Adobe Acrobat™ package and allow reports to be created as Portable Document Format (otherwise known as PDF) files automatically at the end of each measurement. These report files are held in the Acrobat Results folder specified in the ER/ES Settings. The file name for these report pages will be the Measurement file name followed by the record number of the result in question.

Once reports have been generated, the Adobe Acrobat package can be used to electronically sign them using either the Adobe Self-Sign technology or a third party digital signature solution such as VeriSign™. The Adobe Acrobat Self-Sign solution is fully compliant with 21 CFR Part 11. The Adobe Knowledge base document 323231 details the compliance. It can be found at http://www.adobe.com/support/techdocs/323231.html.

If the document is not displayed, using the document number (323231) as the search clue on the Adobe web site search engine will bring it up.

Figure 11: Acrobat Report
mrk1058-02_fig11

Configuring Windows Security Permissions

The Morphologi software suite uses a series of different file types in order to store data and measurement settings. The default directory's that user data will be stored are:

Configuration Data - C:\ProgramData\Malvern Instruments\Morphologi

Measurement Data - C:\Users\Public\Documents\Malvern Instruments\Morphologi

Files produced by Morphologi should be protected from deletion by using the operating system security features. The files and their default directories that need to be protected are:

File TypeExtensionDefault Path
21CFR11 mode: Audit trails.adtC:\Users\Public\Documents\Malvern Instruments\Morphologi\Audit Trails
Measurement data.vmesC:\Users\Public\Documents\Malvern Instruments\Morphologi \Result Data
Reports.vrepC:\Users\Public\Documents\Malvern Instruments\Morphologi \Reports
SOP.vsopC:\Users\Public\Documents\Malvern Instruments\Morphologi\SOP

NOTE: This is simply a recommended subset, the user may wish to restrict other file types

Security permissions - No Delete

The "No Delete" security permission within the Windows operating system allows users to access data files or directories (a requirement for running all Malvern software), but prevents deletion and renaming. It can therefore be inferred from this that the user should not subsequently be allowed to:

  • Have full control over the security permissions

  • Take ownership of the security permissions

  • Change security permissions

A user installing a Malvern software product might want to create a custom directory structure unique to their operation, in this case these user-defined data directories should be assigned the security permissions.

Configuring Windows 7 security permissions

It is assumed that you have the required administrator rights for the system upon which the Morphologi software is being installed; allowing you to install or update software and configure windows security permissions.

Permissions will need to be configured for each user profile.

Changing the directory security permissions

Navigate to each of the directory folders that need to be secured in turn, right-click on it and through the context menu open the folder properties, switch to the security tab and open the advanced settings, see figure 12.

Figure 12: Navigate to Advanced security settings
mrk1058-02_fig12

Clear the checkbox 'Include inheritable permissions from this objects parent', shown in the figure 13. 

Figure 13: Advanced security settings page
mrk1058-02_fig13

If a warning is displayed, click Add. This will prevent modifications to parent directories overriding the changes we are implementing. Check the 'Replace all child object permissions…' shown above. This will apply the changes we make to permissions for all files in this directory.

Select the Users group and Edit the groups' permissions. This causes the Permission Entry window to appear, see figure 14.

Figure 14: Permissions entry Window
mrk1058-02_fig14

Allow access to all permissions with the exception of:

  • Full Control

  • Delete subfolders and Files

  • Delete

  • Change Permissions

  • Take Ownership

Ensure that the Apply To setting is changed to This folder, subfolders and files. Clear the 'Apply these permissions to objects…' checkbox as shown in figure 14

Repeat this procedure for the other directories.

 

NOTE: Do not apply these permissions to the following directories:

  • C:\Users\Public\Documents\Malvern Instruments\Morphologi\Temp (This will prevent the user from running measurements as the temporary files are created whilst a measurement is running and deleted at the end when the result is saved)

  • C:\Users\Public\Documents\Malvern Instruments\Morphologi\Acrobat Results (this will prevent the user from creating PDFs, unless the PDF is saved to a different, uncontrolled folder)

  • C:\Users\Public\Documents\Malvern Instruments\Morphologi\Raman Data (this will prevent the user from exporting spectra, unless they are to be saved to a different, uncontrolled folder)

Appendix: Administering Group Permissions.

As a general rule, this should be done by the administrator in consultation with the most senior operator, the Qualified Person for the Lab or the laboratory supervisor.

PermissionDescription
Configure Communications SettingAllow the user to modify the serial port to which the instrument is connected.
This feature should be restricted to advanced users. Once the software is installed, it should not be necessary to modify the communications settings.
Configure ER/ES settingsAllow the user to alter the ER/ES settings.
In a 21 CFR Part 11 environment, this feature should be restricted to the administrators of the system.
Configure user workspace settingsAllow the user to configure the workspace settings such as which reports are available and which parameters are displayed in the record view.
You may wish to pre-configure the workspace for all users and confine changes to the more advanced users.
Control display of status barAllow the user to show or hide the status bar at the bottom of the application window.
The status bar displays useful help and diagnostic information and should not generally be removed.
Control display of toolbarsAllow the user to show or hide toolbars at the top of the application window.
The toolbars provide quick shortcuts to commonly used features of the software and should not generally be removed.
Create and edit export templates.Allow the user to create or modify templates for the export of data.
You may wish to pre-configure standard export templates and confine access to this feature to advanced users.
Create and edit reports.Allow the user to create or modify reports.
You may wish to pre-configure standard reports and confine access to this feature to advanced users.
Create and edit SOPsAllow the user to create and modify SOP settings.
You may wish to pre-configure standard SOP files for your product range and confine access to this feature to advanced users.
Delete ResultsAllow the user to delete results.
In a 21 CFR environment, this permission should not be provided to any user. This facility is provided for a mixed environment where some users do not operate under FDA regulations.
Edit Line StylesAllow the user to modify the line styles used in graphing.
You may wish to pre-configure acceptable line styles and confine access to this feature to advanced users.
Edit ResultsAllow the user to create a new result by modifying the analysis parameters and recalculating the result.
Since no data is changed or obscured in the original record, access can be granted to any user.
Edit User SettingsAllow the user to modify the security settings and manage the users and groups.
Access to this feature should be confined to administrators of the system. At least one user must have access to this permission.
Make a measurementAllow the user to make a measurement.
This feature is required by any user wishing to make a measurement but may not be required by the system administrator.
View Audit TrailAllow the user to view and export the audit trail files.
Access to this feature should be confined to the administrators of the system.

Login

Not registered yet? Create an account