Page 341 -
P. 341

Chapter 10 • Global, Ethics, and Security Management  299

                                       APPENDIX A



              ( ⁄211.10)  Controls  for  closed  systems  (environment  in  which  access  is  controlled  by  persons
              1
              responsible for the electronic records). Persons using closed systems to “create, modify, maintain, or
              transmit electronic records” need to employ the following procedures and controls, and need to ensure
              that the signer cannot repudiate the records as not genuine.
                 •Validate systems.
                 •Generate accurate and complete copies of records in a readable and electronic form subject
                  to inspection, review, and copying.
                 •Protect records for retrieval during the records retention period.
                 •Ensure limited access to authorized individuals.
                 •Create a secure, computer generated, time stamped audit trail for date and time of operator
                  entry or action. When creating, modifying, or deleting records; changes should not obscure
                  the previous record.
                 •The audit trail must be retained and available for agency review and copying.
                 •Use operational system checks to permit sequencing of steps and events.
                 •Use authority checks to ensure that only authorized individuals use or access a system,
                  alter records or electronically sign a record.
                 •Use device checks to determine the validity of data input source or operational instruction.
                 •Determine that those who develop, maintain, or use the system have the appropriate
                  education, training, and experience for their assigned tasks.
                 •Have written procedures in place to hold individuals accountable and responsible for
                  actions under the use of their electronic signature.
                 •Have controls of distribution, access, and use of documentation for system operation and
                  maintenance.
                 •Have time-sequenced development and modification of systems documentation for revisions,
                  and change control procedures for the audit trail.

            EXHIBIT 1-1A 21 CFR Part 11 Subpart B—Electronic Records.




                  Subpart E—Purchasing Controls
                  Each manufacturer shall establish and maintain procedures to ensure that all purchased or
              otherwise received product and services conform to specified requirements.
                 •Evaluation of suppliers, contractors, and consultants. Each manufacturer shall establish
                  and maintain the requirements, including quality requirements, that must be met by
                  suppliers, contractors, and consultants.
                 •Evaluate and select potential suppliers, contractors, and consultants on the basis of their
                  ability to meet specified requirements, including quality requirements. The evaluation shall
                  be documented.
                 •Define the type and extent of control to be exercised over the product, services, suppliers,
                  contractors, and consultants, based on the evaluation results.
                                                                              (continued )
   336   337   338   339   340   341   342   343   344   345   346