iBright Analysis Software—Secure
What is 21 CFR Part 11 Compliance?
The FDA released the Electronic Records and Signatures Rule, known as 21 CFR Part 11 in August 1997. This rule defines the requirements for use of electronic documents in place of paper documents. The law specifies the system elements, controls, and procedures that are necessary to ensure the reliability of electronically stored records.
21 CFR part 11 compliance is composed of both procedural and technical requirements. Procedural requirements are the standard operating procedures instituted by the end user, and technical requirements are the functional characteristics of the compliance management software used. Satisfying the technical requirements does not guarantee 21 CFR part 11 compliance alone. Compliance is the consequence of the end user’s work process and systems used.
For technical details on how the Invitrogen iBright SAE Software Solution for 21 CFR Part 11 Support helps ensure workflows compliant to 21 CFR part 11, review thetechnical specifications document.
What is the iBright SAE Software Solution for 21 CFR Part 11 Support?
To implement the iBright SAE Software Solution for 21 CFR Part 11 support on iBright Imaging Systems, you need the following components installed, activated, and communicating with each other (Figure 1):
- SAE Administrator ConsoleSoftware:used with the iBright Imager and Analysis Application Profile to configure the security, audit and e-signature settings for iBright Imaging Systems
- iBright SAE License:used to activate the SAE settings for the iBright instrument and the iBright Analysis Software—Secure desktop software
- iBright Instrument—SAE Mode:firmware mode that connects the instrument to the SAE Administrator Console
- iBright Analysis Software—Secure:desktop analysis software that connects with the SAE Administrator Console
Figure 1: iBright 21CFR11Software Solution* comprised of (1) Security, Audit and e-signature (SAE) Software (SAEAdministrator Console, SAE Server, and SAE Application Profile (i.e. iBright Imager and Analysis Software)), (2a) iBright Instrument – SAE Mode (onboard software), (3) iBright Analysis Software—Secure (desktop analysis software).
*iBright SAE Software License is required for activation of the 21 CFR Part 11 support package
SAE Administrator Console
The SAEAdministrator Console is the tool used to configure security, audit, and e-signature settings to meet user-specific requirements for security, audit, and e-signature of a particular instrument and/or analysis software. The instrument and/or analysis software application profile (e.g. iBright Imager and Analysis Software application profile) must be installed in the SAE Administrator Console before the SAE settings can be used on the instrument and/or analysis software (Figure 2). Once the application profile is installed in the SAE Administrator Console, an SAE server is used to connect to the instrument and/or analysis software to the SAE Administrator Console. By default, the SAE server is installed on the same computer as the SAE Administrator Console, which should be a network-connected computer configured with a static IP address.
Figure 2: Interface view from the SAE Administrator Console
iBright SAE License
iBright SAE Software License for 21 CFR Part 11 is required to activate SAE Mode on the iBright Imaging System and to activate the iBright Analysis Software—Secure desktop analysis software.
iBright Imaging System SAE Mode
When SAE Mode is activated, the iBright instrument connects to the SAE Administrator Console via the SAE server. Security, Audit and e-signature settings, as defined in the SAE Administrator Console, are implemented on the iBright instrument (Figure 3). Features include restriction of unauthorized users to the system, password policies and expiration dates, defined user permissions and roles, tracking of all data changes through audit log, available audit reports, and on-board e-signature workflows. All iBright Imaging Systems can run in SAE Mode through purchase of the iBright SAE Software License.
Fig 3. Visuals from the iBright Imaging System interface showing how to access SAE mode.
iBright Analysis Software—Secure
iBright Analysis Software—Secure is a separate version of our iBright Analysis Software platform to support compliance with 21 CFR Part 11 FDA guidelines for Security, Auditing, and Electronic Signatures when connected to the SAE Administrator Console via the SAE server. The iBright Analysis Software—Secure desktop software can be utilized on computers running Windows or Mac operating systems, and can be configured to:
- Control access to data using account credentials
- Track user actions through audit logs
- Detect data tampering
- Sign electronic documents using electronic signatures
How does the iBright SAE Software Solution for 21 CFR Part 11 Support work?
Functional characteristics of the Invitrogen iBright SAE Software Solution for 21 CFR Part 11 Support
| Function | Description |
|---|---|
| System security | Controls user access to an application by allowing creation of user account and defining user privileges throughrolesand definingpassword policies |
| Auditing | Tracks actionsperformed by users, changes to the SAE module settings, and creatingaudit reports |
| Electronic signature (e-signature) | Determines if users are required to fulfillsignature requirementsbefore performing specific functions |
Additional design features for each function are detailed below:
System Security
1.Access is restricted to authorized personnel via user ID and password
Figure 4:Interface of the SAE Administrator Console showing new user account creation.
2. Passwords and user ID must expire after auser-definednumber of days (typically 90 days).
3. Automatic logout afteruser-definedminutes of inactivity (Figure 5).
Figure 5: Interface of the SAE Administrator Console showing user name and password policy settings.
4. ID and password must be re-entered to sign or modify record.
5. Must have a method to record and automatically report ‘forgery’ attempts (event notification).
6. Access and manipulation of various software functions are controlled through user role definitions.
7. Control access to specific areas and options in software (Figure 6).
Figure 6: Interface of the SAE Administrator Console showing user role settings.
Auditing
Tracks actions performed by users and changes to the SAE settings. The SAE Administrator Console automatically tracks auditable actions silently (including, but not limited to, sign in/sign out, image acquisition, image exported, image deleted, file signed and report generation) (Figure 7).
Figure 7: Interface of SAE Administrator Console showing the audit history tab. (1) audit history available (action records, system configuration records, application object records), (2) application (SAE, iBright Instrument and Analysis Software, or other), (3) action, (4) date and user name (5) export in readable/printable format (PDF or .txt), (6) object ID.
With the auditing functionality, you can:
- Select to audit specific user actions and specify the audit mode (silent, optional or required)
- Generate reports for audited user actions and SAE module changes
- Generate reports for software or instrument actions and events
Committing auditable actions
Auditable actions can be committed onboard the iBright Imaging Systems instrument or in the iBright Analysis Software—Secure software. In order to track changes, changes must be committed and saved. The committed changes made can be viewed under audit tab in the software application. Every commit creates a new version of metadata and is logged in the audit summary table in the audit tab. All committed actions are sent to SAE Administrator Console and logged under audit action records.
In the Commit workflow, select the Reason to commit from the selections displayed (or choose Other/Custom Reason). Enter comments as required and click on Commit (Figures 9 and 10).
Figure 9: iBright Analysis Software—Secure desktop software showing the reason to commit window and function (1) reason field (2) option to add a custom reason (3) comments.
Figure 10: iBright Imager SAE Mode auditable changes screens, displaying reason to commit window and function (1)reason field, touch “Blank reason” box to open audit reason screen (2) Select from options or “Other” to add a custom reason (3) enter comments if needed and touch Save, (4) confirmation screen of changes committed.
Electronic signature
Determines if users are required to fulfill signature requirements before performing specific functions (Figure 8).
Figure 8: Interface of the SAE Administrator Console e-signature settings. (1) customize the meanings of e-signatures (2) customize the number of e-signatures required by meaning and role (3) type of data signed for a specific selected meaning.
With the electronic signature functionality, you can:
- Configure each e-signature event to require users with specific roles to sign
- Create separate meanings with customized signature requirements for each meaning
Signing files and generating signed reports
When all the changes are done and committed, the file can be signed as per signature rules set in the SAE Administrator Console. Signature requirements (number of signatures and role required) for the selected meaning will be listed in the table (Figures 11a and 11b). Once all signatures are obtained, the status of the signature rule will be updated in the e-signature table for the corresponding version found in the audit tab from unsigned to signed. A signature log will be added in e-signature summary table.
In e-signature workflow, select the applicable e-signature meaning. Required signatures and roles will be listed. Select the applicable role and enter credentials. When all signatures are obtained, the file will be fully signed and locked.
Note:iBright Analysis Software—Secure allows partially signed files to be shared across user computers in partially signed state. When all signatures are obtained, the file will lock. iBright Instrument e-signature workflows requires all signatures to be obtained before exiting the e-signature workflow.
Panel A
Panel B
Figure 11: Signature workflow in iBright Analysis Software—Secure (panel A) and iBright Imager SAE Mode (panel B). Select Signature Meaning from available drop down. In iBright Analysis Software—Secure, each required role is listed, and signatures can be provided by clicking on “unsigned” status link for designated role. Partially signed files can be sent to additional users using iBright Analysis Software—Secure to complete all signature requirements. In iBright Imager SAE Mode, signature requirements for the designated Meaning are listed under the user icons. All signatures must be obtained at the same time onboard the iBright.
A report can be created directly from the iBright Imaging Systems instrument or from the iBright Analysis Software—Secure desktop software as either unsigned or signed. The file must be fully signed by all required roles/signatures prior to generating a signed report (Figure 12).
Figure 12. Export of image analysis report from iBright Analysis Software- Secure desktop software.
